GHSA-r5w3-pfq8-3r82

Suggest an improvement
Source
https://github.com/advisories/GHSA-r5w3-pfq8-3r82
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r5w3-pfq8-3r82/GHSA-r5w3-pfq8-3r82.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-r5w3-pfq8-3r82
Aliases
Published
2022-05-24T19:12:37Z
Modified
2024-01-02T05:51:24.408605Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
Details

An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. SAML Plugin implements this extension point for the URL that users are redirected to after login.

In Jenkins SAML Plugin 2.0.7 and earlier this implementation is too permissive, allowing attackers to craft URLs that would bypass the CSRF protection of any target URL.\n\nThis vulnerability was originally introduced in Jenkins SAML Plugin 1.1.3.

Jenkins SAML Plugin 2.0.8 restricts which URLs it disables cross-site request forgery (CSRF) protection for to the one URL that needs it.

Database specific
{
    "nvd_published_at": "2021-08-31T14:15:00Z",
    "cwe_ids": [
        "CWE-352",
        "CWE-693"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-15T16:35:03Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:saml

Package

Name
org.jenkins-ci.plugins:saml
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/saml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.8

Affected versions

0.*

0.2
0.3
0.4
0.5
0.6
0.12
0.13
0.14

1.*

1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.3.1
2.0.5
2.0.6
2.0.7

Database specific

{
    "last_known_affected_version_range": "<= 2.0.7"
}