GSA_kwCzR0hTQS00cGp4LTg2cGcteDRqNc4AAWed

Moderate EPSS: 0.00032% (0.08756 Percentile) EPSS:

Permalink JSON

Jenkins SAML Plugin Session Fixation vulnerability

Affected Packages	Affected Versions	Fixed Versions
maven:org.jenkins-ci.plugins:saml	<= 1.0.6	1.0.7

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. SAML Plugin 1.0.7 invalidates the previous session during login and creates a new one.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-1000602
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-916
https://github.com/jenkinsci/saml-plugin/commit/fd95d576bda64b278071428c7fbee03c02f843c0
https://github.com/advisories/GHSA-4pjx-86pg-x4j5

Identifiers

GHSA-4pjx-86pg-x4j5

CVE-2018-1000602

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00032

EPSS Percentile: 0.08756

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/jenkinsci/saml-plugin

Date and time

Published

over 3 years ago

Updated

24 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories