org.jenkins-ci.plugins:saml
Maven | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:saml (page 1 of 1)
- CVE-2018-1000602 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 1.0.7 | 2018-06-26
vulnerable: 0.12 ... 1.0.6 (14 versions)
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
- CVE-2021-21678 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.0.8 | 2021-08-31
vulnerable: 0.12 ... 2.0.7 (34 versions)
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
- CVE-2025-64131 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.583.585.v22ccc1139f55 | 2025-10-29
vulnerable: 0.12 ... 4.583.vc68232f7018a_ (73 versions)
Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, aut…