Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CloudBees Jenkins SAML Plugin 安全漏洞
Vulnerability Description
CloudBees Jenkins是美国CloudBees公司的一套基于Java开发的持续集成工具,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。SAML Plugin是使用在其中的一个支持使用SAML 2.0协议对Jenkins进行身份验证的插件。 CloudBees Jenkins SAML Plugin 1.0.6及之前版本中的SamlSecurityRealm.java文件存在会话固定漏洞。攻击者可利用该漏洞控制并获取之前登录用户的会话ID,从而伪造其他用户。
CVSS Information
N/A
Vulnerability Type
N/A