PT-2023-9069 · Jenkins · Jenkins SAML Single Sign On(SSO) Plugin (+1)

Atorralba (+1) · Published 2023-05-16 · Updated 2023-07-26 · CVE-2023-32991

CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Jenkins SAML Single Sign On(SSO) Plugin versions 2.0.2 and earlier

Description: The plugin exposes several HTTP endpoints that send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. These endpoints perform no permission checks, so they can be used by attackers with Overall/Read permission. Because they also do not require POST requests, they are reachable through cross-site request forgery (CSRF) as well. Additionally, the plugin's XML parser is not configured to prevent XML external entity (XXE) attacks, which allows attackers to extract secrets from the Jenkins controller or perform server-side request forgery.

Recommendations: For Jenkins SAML Single Sign On(SSO) Plugin versions 2.0.2 and earlier, update to version 2.1.0, which requires POST requests and Overall/Administer permission for the affected HTTP endpoints. As a temporary workaround, consider restricting access to the affected HTTP endpoints to minimize the risk of exploitation. Avoid using the plugin's XML parser to parse external XML responses until the issue is resolved. Restrict the Overall/Read permission to prevent attackers from sending unauthorized HTTP requests.

Fix

Weakness Enumeration

CSRF

Related Identifiers

BDU:2024-03400
CVE-2023-32991
GHSA-XW6J-MQ6V-PMV6

Affected Products

Jenkins
Jenkins SAML Single Sign On(SSO) Plugin