PT-2023-24124 · Jenkins · Jenkins SAML Single Sign On (SSO) Plugin

Kevin Guerroudj · Published 2023-05-16 · Updated 2023-07-26 · CVE-2023-32992

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins SAML Single Sign On (SSO) Plugin versions 2.0.2 and earlier
Description: The affected HTTP endpoints of the Jenkins SAML Single Sign On (SSO) Plugin perform no permission check, so any user with Overall/Read permission can make the Jenkins controller send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. Because the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, this can be used to extract secrets from the Jenkins controller or to perform server-side request forgery (SSRF). In addition, the affected endpoints do not require POST requests, which also exposes them to cross-site request forgery (CSRF).
Recommendations: For Jenkins SAML Single Sign On (SSO) Plugin versions 2.0.2 and earlier, update to version 2.1.0 or later, which requires POST requests and Overall/Administer permission for the affected HTTP endpoints. As a temporary workaround, restrict access to the affected HTTP endpoints to reduce the risk of exploitation, and limit who holds the Overall/Read permission so that untrusted users cannot reach them. Avoid using the plugin to parse externally supplied XML until the update is applied.
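An added example, not code from the SAML plugin or the Jenkins project, showing in Java the three controls the advisory says the fix introduces for an endpoint of this kind: a POST requirement, an Overall/Administer check, and an XML parser that refuses DOCTYPE and external entities. The class name, URL path and the xml parameter are hypothetical.

```java
import hudson.Extension;
import hudson.model.RootAction;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.w3c.dom.Document;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;

// Hypothetical action: class name, URL path and "xml" parameter are assumptions.
@Extension
public class SamlMetadataCheckAction implements RootAction {

    @Override public String getIconFileName() { return null; } // no sidebar link
    @Override public String getDisplayName() { return null; }
    @Override public String getUrlName() { return "saml-metadata-check"; }

    // Web method served at /saml-metadata-check/parse.
    // 1) @RequirePOST: GET requests are rejected, so the endpoint is no longer
    //    reachable through a CSRF link or image tag; POSTs must carry the
    //    crumb that Jenkins' CSRF filter validates.
    // 2) checkPermission(ADMINISTER): Overall/Read is no longer sufficient;
    //    an AccessDeniedException is thrown for anyone else.
    // 3) The parser below refuses DOCTYPE and external entities, so the XML
    //    cannot pull in a local controller file or an attacker-chosen URL.
    @RequirePOST
    public void doParse(@QueryParameter String xml) throws Exception {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        Document doc = newHardenedBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // ... validate the parsed metadata document here ...
    }

    // DocumentBuilder configured per the OWASP XXE prevention guidance for JAXP.
    static DocumentBuilder newHardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }
}
```

With disallow-doctype-decl enabled, any document carrying a DOCTYPE fails to parse before entity resolution happens, which is the simplest check that the hardening is in effect.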

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2023-32992
GHSA-3XF9-PGC2-MR9C

Affected Products

Jenkins
Jenkins Saml Single Sign On(Sso) Plugin