CVE-2023-32992

CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
8.8HIGH
EPSS
1.3%
top 20.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Saml Single Sign On(sso) PluginJenkins Saml Single Sign ON
Timeline
PublishedMay 16

Description

Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

3
CVEList
CVE-2023-32992: Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 22023-05-16
GHSA
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks2023-05-16
OSV
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks2023-05-16

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2023-05-162023-05-16
CVE-2023-32992 (HIGH CVSS 8.8) | Missing permission checks in Jenkin | cvebase.io