pkg:maven/org.jenkins-ci.plugins/miniorange-saml-sp
Type
maven
Namespace
org.jenkins-ci.plugins
Name
miniorange-saml-sp
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/miniorange-saml-sp package.
High
1
Medium
4
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 2.0.2 |
CVE-2023-32991
CVE-2023-32992 |
JENKINS:SECURITY-2993 | CSRF vulnerability and missing permission checks in `miniorange-saml-sp` allow XXE | high |
2023-05-16T00:00:00
(16 months ago) |
|
Fixed | = 2.1.0 |
CVE-2023-32991
CVE-2023-32992 |
JENKINS:SECURITY-2993 | CSRF vulnerability and missing permission checks in `miniorange-saml-sp` allow XXE | high |
2023-05-16T00:00:00
(16 months ago) |
|
Affected | <= 2.0.0 |
CVE-2023-32995
CVE-2023-32996 |
JENKINS:SECURITY-2994 | CSRF vulnerability and missing permission check in `miniorange-saml-sp` | medium |
2023-05-16T00:00:00
(16 months ago) |
|
Fixed | = 2.0.1 |
CVE-2023-32995
CVE-2023-32996 |
JENKINS:SECURITY-2994 | CSRF vulnerability and missing permission check in `miniorange-saml-sp` | medium |
2023-05-16T00:00:00
(16 months ago) |
|
Affected | <= 2.0.2 |
CVE-2023-32993
|
JENKINS:SECURITY-3001-1 | Missing hostname validation in `miniorange-saml-sp` | medium |
2023-05-16T00:00:00
(16 months ago) |
|
Fixed | = 2.1.0 |
CVE-2023-32993
|
JENKINS:SECURITY-3001-1 | Missing hostname validation in `miniorange-saml-sp` | medium |
2023-05-16T00:00:00
(16 months ago) |
|
Affected | <= 2.1.0 |
CVE-2023-32994
|
JENKINS:SECURITY-3001-2 | SSL/TLS certificate validation unconditionally disabled by `miniorange-saml-sp` | medium |
2023-05-16T00:00:00
(16 months ago) |
|
Fixed | = 2.2.0 |
CVE-2023-32994
|
JENKINS:SECURITY-3001-2 | SSL/TLS certificate validation unconditionally disabled by `miniorange-saml-sp` | medium |
2023-05-16T00:00:00
(16 months ago) |
|
Affected | <= 2.3.0 |
CVE-2023-37945
|
JENKINS:SECURITY-3164 | Missing permission check in `miniorange-saml-sp` | medium |
2023-07-12T00:00:00
(14 months ago) |
|
Fixed | = 2.3.1 |
CVE-2023-37945
|
JENKINS:SECURITY-3164 | Missing permission check in `miniorange-saml-sp` | medium |
2023-07-12T00:00:00
(14 months ago) |