CVE-2021-21678

Severity: 8.8 HIGH
EPSS: 0.1% (top 79.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 31; latest update May 24

Description

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

Source      Package                                From version   To version
CVEListV5   jenkins_project/jenkins_saml_plugin    1.1.3          unspecified (+1 more)
NVD         jenkins/saml                           1.1.3          2.0.7

Vulnerability Details (3)

OSV       Jenkins SAML Plugin allows bypassing CSRF protection for any URL    2022-05-24
GHSA      Jenkins SAML Plugin allows bypassing CSRF protection for any URL    2022-05-24
CVEList   CVE-2021-21678: Jenkins SAML Plugin 2                               2021-08-31

Vendor Advisories (1)

Jenkins   Jenkins Security Advisory 2021-08-31    2021-08-31
Source: cvebase.io