CVE-2023-32995: A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

Affected

24 ranges

Vendor	Product	Version range	Fixed in
jenkins	ansible_plugin	—	—
jenkins	appspider_plugin	—	—
jenkins	azure_vm_agents_plugin	—	—
jenkins	cas_plugin	—	—
jenkins	code_dx_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	email_extension_plugin	—	—
jenkins	file_parameter_plugin	—	—
jenkins	hashicorp_vault_plugin	—	—
jenkins	ids_in_azure_vm_agents_plugin	—	—
jenkins	improper_masking_of_credentials_in_hashicorp_vault_plugin	—	—
jenkins	job_plugin	—	—
jenkins	ldap_plugin	—	—
jenkins	loadcomplete_support_plugin	—	—
jenkins	ns-nd_integration_performance_publisher_plugin	—	—
jenkins	pipeline_utility_steps_plugin	—	—
jenkins	reverse_proxy_auth_plugin	—	—
jenkins	saml_single_sign_on	<= 2.0.0	—
jenkins	sidebar_link_plugin	—	—
jenkins	tag_profiler_plugin	—	—
jenkins	testcomplete_support_plugin	—	—
jenkins	testng_report_files_and_displayed_on_the_plugin	—	—
jenkins	testng_results_plugin	—	—
jenkins_project	jenkins_saml_single_sign_on_plugin	<= 2.0.0	—