March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Qakbot aka Pinkslipbot or Qbot Malware – Active IOCs
May 17, 2023Rewterz Threat Advisory – Multiple Jenkins Azure VM Agents Plugin Vulnerabilities
May 17, 2023Rewterz Threat Alert – Qakbot aka Pinkslipbot or Qbot Malware – Active IOCs
May 17, 2023Rewterz Threat Advisory – Multiple Jenkins Azure VM Agents Plugin Vulnerabilities
May 17, 2023
Severity
Medium
Analysis Summary
CVE-2023-32995 CVSS:4.3
Jenkins SAML Single Sign On(SSO) Plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to send emails vial miniOrange’s API. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-32994 CVSS:4.8
Jenkins SAML Single Sign On(SSO) Plugin is vulnerable to a man-in-the-middle attack, caused by an issue with SSL/TLS certificate validation unconditionally disabled when connecting to miniOrange or the configured IdP. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVE-2023-32993 CVSS:4.8
Jenkins SAML Single Sign On(SSO) Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using a specially crafted XML content, an attacker could exploit this vulnerability to obtain secrets from the Jenkins controller or perform server-side request forgery attacks.
CVE-2023-32992 CVSS:7.1
Jenkins SAML Single Sign On(SSO) Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using a specially crafted XML content, an attacker could exploit this vulnerability to obtain secrets from the Jenkins controller or perform server-side request forgery attacks.
CVE-2023-32991 CVSS:7.1
Jenkins SAML Single Sign On(SSO) Plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to extract secrets from the Jenkins controller or server-side request forgery. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Gain Access
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-32995
- CVE-2023-32994
- CVE-2023-32993
- CVE-2023-32992
- CVE-2023-32991
Affected Vendors
Jenkins
Affected Products
- Jenkins SAML Single Sign On(SSO) Plugin 2.0.0
- Jenkins SAML Single Sign On(SSO) Plugin 2.1.0
- Jenkins SAML Single Sign On(SSO) Plugin 2.0.2
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.