Description
A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with a JSON body containing attacker-specified content to miniOrange's API for sending emails.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994