Description
A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/07/12/2
https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3164
Related Vulnerabilities
CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-shuffle_2.10
CVE-2019-10356 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2021-39168 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2022-42466 Vulnerability in maven package org.apache.isis.viewer:isis-viewer-wicket-ui
CVE-2016-4464 Vulnerability in maven package org.apache.cxf.fediz:fediz-core