CVE-2025-64131
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-12-22
Assigner: Jenkins Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jenkins | saml | up to 4.583.585.v22ccc1139f55 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Jenkins SAML Plugin version 4.583.vc68232f7018a_ and earlier, where the plugin does not implement a replay cache. This allows attackers who can observe the SAML authentication flow between a user's web browser and Jenkins to replay those authentication requests, effectively authenticating to Jenkins as that user without their credentials.
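The missing control, sketched as an added example (this is not the plugin's code or its actual fix): a replay cache that accepts each SAML assertion ID once and remembers it until the assertion expires. Keying on the assertion ID and `NotOnOrAfter`, the 60-second clock-skew allowance, and all names and sample values are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ReplayCacheDemo {

    /** Remembers each accepted assertion ID until the assertion itself expires. */
    static final class ReplayCache {
        private final Map<String, Instant> seen = new ConcurrentHashMap<>();
        private final Duration clockSkew; // assumed tolerance between IdP and SP clocks

        ReplayCache(Duration clockSkew) { this.clockSkew = clockSkew; }

        /** Returns true only the first time an unexpired assertion ID is presented. */
        boolean accept(String assertionId, Instant notOnOrAfter, Instant now) {
            // Evict IDs whose assertions would fail the expiry check anyway.
            seen.values().removeIf(expiry -> !now.isBefore(expiry));
            Instant expiry = notOnOrAfter.plus(clockSkew);
            if (!now.isBefore(expiry)) {
                return false; // expired assertion: rejected regardless of the cache
            }
            // putIfAbsent is atomic, so two concurrent submissions cannot both succeed.
            return seen.putIfAbsent(assertionId, expiry) == null;
        }
    }

    public static void main(String[] args) {
        ReplayCache cache = new ReplayCache(Duration.ofSeconds(60));
        // Constructed sample values, not taken from any real SAML response.
        Instant now = Instant.parse("2025-01-01T12:00:00Z");
        Instant notOnOrAfter = now.plus(Duration.ofMinutes(5));
        String id = "_constructed-assertion-id-1";

        // First presentation of the assertion.
        System.out.println("first use:      " + cache.accept(id, notOnOrAfter, now));
        // Same assertion presented again inside its validity window.
        System.out.println("replay:         " + cache.accept(id, notOnOrAfter, now.plusSeconds(30)));
        // A different assertion ID is unaffected by the earlier entry.
        System.out.println("new assertion:  " + cache.accept("_constructed-assertion-id-2", notOnOrAfter, now.plusSeconds(31)));
        // Same ID after expiry: the cache entry is gone, the expiry check still rejects it.
        System.out.println("after expiry:   " + cache.accept(id, notOnOrAfter, now.plus(Duration.ofMinutes(10))));
    }
}
```

Entries only need to live as long as the assertion's validity window plus skew, which keeps the cache bounded; the check belongs after signature validation so that unverified IDs cannot fill it.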
How can this vulnerability impact me?
An attacker exploiting this vulnerability can impersonate legitimate users by replaying captured SAML authentication requests. This can lead to unauthorized access to Jenkins, potentially allowing the attacker to view, modify, or disrupt sensitive build and deployment processes, compromising confidentiality, integrity, and availability.