CVE-2018-1000602

CVSS v3.0 5.9 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.08 % (37^th)

Affected Products 1

Advisories 2

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session.

Weaknesses

CWE-384: Session Fixation

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-06-26 17:29:00
(6 years ago)
Updated Date: 2018-08-17 17:04:00
(6 years ago)

Affected Products

Jenkins

Saml

Configuration #1

		CPE23	From	Up To
	Jenkins Saml for Jenkins 1.0.6 and prior versions	cpe:2.3:a:jenkins:saml::::::jenkins		<= 1.0.6