CVE-2023-37945
published 2023-07-12
medium 4.3 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory_plugin | — | — |
| jenkins | assembla_auth_plugin | — | — |
| jenkins | benchmark_evaluator_plugin | — | — |
| jenkins | datadog_plugin | — | — |
| jenkins | elasticbox_ci_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | macstadium_plugin | — | — |
| jenkins | mathworks_polyspace_plugin | — | — |
| jenkins | openshift_login_plugin | — | — |
| jenkins | oracle_cloud_infrastructure_compute_plugin | — | — |
| jenkins | orka_by_macstadium_plugin | — | — |
| jenkins | rebuilder_plugin | — | — |
| jenkins | saml_single_sign_on | >= 2.1.0 < 2.3.1 | 2.3.1 |
| jenkins | sumologic_publisher_plugin | — | — |
| jenkins | test_results_aggregator_plugin | — | — |
| jenkins_project | jenkins_saml_single_sign_on_plugin | 2.1.0 – 2.3.0 | — |