{"id":"CVE-2021-21678","details":"Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.","aliases":["GHSA-r5w3-pfq8-3r82"],"modified":"2026-03-15T14:07:40.628905Z","published":"2021-08-31T14:15:25.500Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/08/31/1"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2469"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/saml-plugin","events":[{"introduced":"2d82e862470fa4bb277c0f1788a7da87e0fc3c2d"},{"last_affected":"6c0dee271fba1c89c6cbe812d9eb76364dbf99d5"}],"database_specific":{"versions":[{"introduced":"1.1.3"},{"last_affected":"2.0.7"}]}}],"versions":["saml-1.1.3","saml-1.1.4","saml-1.1.5","saml-1.1.6","saml-1.1.7","saml-2.0.0","saml-2.0.1","saml-2.0.2","saml-2.0.3","saml-2.0.5","saml-2.0.6","saml-2.0.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21678.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}