Jenkins SAML Plugin vulnerabilities
3 known vulnerabilities affecting jenkins/saml.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0

Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities
CVE-2025-64131
  Severity: HIGH (CVSS 7.5)
  Weakness: CWE-294 (Authentication Bypass by Capture-replay)
  Affected: 4.583.vc68232f7018a_ and earlier; fixed in 4.583.585.v22ccc1139f55
  Published: 2025-10-29
  Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user.
  Source: NVD
CVE-2021-21678
  Severity: HIGH (CVSS 8.8)
  Weakness: CWE-352 (Cross-Site Request Forgery)
  Affected: >= 1.1.3, <= 2.0.7
  Published: 2021-08-31
  Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
  Source: NVD
CVE-2018-1000602
  Severity: MEDIUM (CVSS 5.9)
  Weakness: CWE-384 (Session Fixation)
  Affected: <= 1.0.6
  Published: 2018-06-26
  A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate other users if they can control the pre-authentication session.
  Source: NVD