CVE-2023-32996

Cross-Site Request Forgery (CSRF) in maven/io.jenkins.plugins/miniorange-saml-sp

Identifiers

GHSA-w88f-j9rc-h7v3, CVE-2023-32996

Package Slug

maven/io.jenkins.plugins/miniorange-saml-sp

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

Affected Versions

All versions before 2.0.1

Solution

Upgrade to version 2.0.1 or above.

Last Modified

2023-05-17

source