| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:saml | maven | < 4.583.585.v22ccc1139f55 | 4.583.585.v22ccc1139f55 |

The vulnerability is caused by the lack of a replay cache in the SAML authentication process, which allows an attacker to reuse a valid SAML response to impersonate a user. Analysis of patch commit 6170b1013daf52770de29a66aeb57893aae1d7d6 shows that the fix introduces a new `JenkinsSAML2Client` class that properly configures a replay cache. The critical change is in the `org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client` method, which previously instantiated the standard `SAML2Client` without the necessary replay protection. The patch modifies this method to instantiate the new `JenkinsSAML2Client`, which enforces the replay cache. `createSAML2Client` is therefore the identifiable point in the code where the vulnerable configuration was created, and its modification is direct evidence of the fix.

`org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client` in `src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java`
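
To make the missing control concrete, here is a minimal replay cache written for this page as an added example; it is not the plugin's `JenkinsSAML2Client` or any library's code. The class name `ReplayCacheDemo`, the `accept` method, the clock-skew allowance, and the issuer and message ID values are all assumptions constructed for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;

/** Illustrative replay cache (hypothetical class, not the plugin's implementation). */
public class ReplayCacheDemo {
    // (issuer | message ID) -> instant after which the message is invalid anyway.
    private final ConcurrentHashMap<String, Instant> seen = new ConcurrentHashMap<>();
    private final Duration clockSkew;

    public ReplayCacheDemo(Duration clockSkew) {
        this.clockSkew = clockSkew;
    }

    /**
     * Call only after signature and condition checks have passed.
     * Returns true if the response is fresh, false if it is expired or was seen before.
     */
    public boolean accept(String issuer, String messageId, Instant notOnOrAfter, Instant now) {
        Instant expiry = notOnOrAfter.plus(clockSkew);
        if (!now.isBefore(expiry)) {
            return false; // outside the validity window: reject without caching
        }
        // Evict entries whose validity window has closed; the expiry check
        // above already rejects them, so they no longer need to be remembered.
        seen.values().removeIf(e -> !now.isBefore(e));
        // putIfAbsent is atomic: of two concurrent deliveries of the same
        // message, exactly one gets null back and is accepted.
        return seen.putIfAbsent(issuer + "|" + messageId, expiry) == null;
    }

    public static void main(String[] args) {
        ReplayCacheDemo cache = new ReplayCacheDemo(Duration.ofSeconds(60));
        // Constructed sample values, not taken from any real identity provider.
        Instant now = Instant.parse("2025-01-01T12:00:00Z");
        Instant notOnOrAfter = now.plus(Duration.ofMinutes(5));
        String issuer = "https://idp.example.test";

        // Without a replay cache, the second delivery below would pass, because
        // the signature and the validity window are unchanged on a replay.
        System.out.println("first delivery accepted:  "
                + cache.accept(issuer, "_constructed-id-0001", notOnOrAfter, now));
        System.out.println("replayed copy accepted:   "
                + cache.accept(issuer, "_constructed-id-0001", notOnOrAfter, now.plusSeconds(30)));
        System.out.println("different ID accepted:    "
                + cache.accept(issuer, "_constructed-id-0002", notOnOrAfter, now.plusSeconds(30)));
        System.out.println("expired message accepted: "
                + cache.accept(issuer, "_constructed-id-0003", notOnOrAfter, now.plus(Duration.ofMinutes(10))));
    }
}
```

Entries only need to live until the message's own validity window closes, which keeps the cache bounded; a deployment with several controller nodes would need the cache shared between them for the check to hold.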