Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yNXczLXBmcTgtM3I4Ms4AApuI
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. SAML Plugin implements this extension point for the URL that users are redirected to after login.
In Jenkins SAML Plugin 2.0.7 and earlier this implementation is too permissive, allowing attackers to craft URLs that would bypass the CSRF protection of any target URL.\n\nThis vulnerability was originally introduced in Jenkins SAML Plugin 1.1.3.
Jenkins SAML Plugin 2.0.8 restricts which URLs it disables cross-site request forgery (CSRF) protection for to the one URL that needs it.
Permalink: https://github.com/advisories/GHSA-r5w3-pfq8-3r82JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNXczLXBmcTgtM3I4Ms4AApuI
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-r5w3-pfq8-3r82, CVE-2021-21678
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-21678
- https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2469
- http://www.openwall.com/lists/oss-security/2021/08/31/1
- https://github.com/jenkinsci/saml-plugin/commit/e063317ee7e1c64a096e0ac323c7155b786c8b9d
- https://github.com/advisories/GHSA-r5w3-pfq8-3r82
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:saml
Affected Version Ranges: <= 2.0.7Fixed in: 2.0.8