This page lists publicly disclosed CVE vulnerabilities affecting jenkins saml (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-64131 | Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user. | [email protected] | 7.5 | 0.39% | 2025-10-29 | 2026-06-17 |
| CVE-2021-21678 | Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | [email protected] | 8.8 | 0.78% | 2021-08-31 | 2026-06-16 |
| CVE-2018-1000602 | A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. | [email protected] | 5.9 | 0.85% | 2018-06-26 | 2026-06-16 |