CVE-2023-32991: 
Java vulnerability analysis and mitigation

A cross-site request forgery (CSRF) vulnerability was discovered in Jenkins SAML Single Sign On(SSO) Plugin version 2.0.2 and earlier. The vulnerability was identified on May 16, 2023, affecting the Jenkins SAML SSO plugin, which is used for authentication purposes (Jenkins Advisory).

The vulnerability stems from the plugin's failure to perform proper permission checks in multiple HTTP endpoints and its inadequate XML parser configuration. The plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers to parse crafted XML responses that use external entities. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows attackers to send HTTP requests to attacker-specified URLs and parse the responses as XML, or parse local files on the Jenkins controller as XML. This can lead to the extraction of secrets from the Jenkins controller through XXE attacks and enable server-side request forgery (SSRF). The impact is particularly severe as it can result in information disclosure and potential system compromise (GitHub Security Lab).

The vulnerability has been fixed in SAML Single Sign On(SSO) Plugin version 2.1.0. The updated version requires POST requests and Overall/Administer permission for the affected HTTP endpoints. Users are strongly advised to upgrade to this version or later to mitigate the vulnerability (Jenkins Advisory).