Vulnerability: Missing Permission Check in Jenkins SAML Single Sign On (SSO) Plugin Allows Unauthorized Email Sending

Vulnerability: Missing Permission Check in Jenkins SAML Single Sign On (SSO) Plugin Allows Unauthorized Email Sending

CVE-2023-32996 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

Learn more about our Api Penetration Testing.