CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-37945

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.0%

CVSS Severity

CVSS v3 Score 4.3

References

http://www.openwall.com/lists/oss-security/2023/07/12/2
https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3164
http://www.openwall.com/lists/oss-security/2023/07/12/2
https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3164

Products affected by CVE-2023-37945

Jenkins » Saml Single Sign On » Version: 2.1.0

cpe:2.3:a:jenkins:saml_single_sign_on:2.1.0
Jenkins » Saml Single Sign On » Version: 2.2.0

cpe:2.3:a:jenkins:saml_single_sign_on:2.2.0
Jenkins » Saml Single Sign On » Version: 2.3.0

cpe:2.3:a:jenkins:saml_single_sign_on:2.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-37945

Products

Pricing

Contact Us