Description
A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request, with a JSON body containing attacker-specified content, to miniOrange's email-sending API.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994
Related Vulnerabilities
CVE-2020-13279 Vulnerability in npm package gitlab-workflow
CVE-2023-37478 Vulnerability in npm package @pnpm/exe
CVE-2020-9482 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-web-api
CVE-2012-4431 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-34190 Vulnerability in maven package eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin