CVE-2021-21678
published 2021-08-31CVE-2021-21678: Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | code_coverage_plugin | — | — |
| jenkins | nested_view_plugin | — | — |
| jenkins | nomad_plugin | — | — |
| jenkins | saml | 1.1.3 – 2.0.7 | — |
| jenkins | saml_plugin | — | — |
| jenkins_project | jenkins_saml_plugin | >= 1.1.3 < unspecified | unspecified |
| jenkins_project | jenkins_saml_plugin | unspecified – 2.0.7 | — |