Replay Attack Affecting org.jenkins-ci.plugins:saml package, versions [,4.583.585.v22ccc1139f55)

Q: How to fix?

Upgrade org.jenkins-ci.plugins:saml to version 4.583.585.v22ccc1139f55 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-JAVA-ORGJENKINSCIPLUGINS-13774795
published30 Oct 2025
disclosed29 Oct 2025
creditDenys Digtiar

Report a new vulnerability Found a mistake?

Introduced: 29 Oct 2025

NewCVE-2025-64131 (opens in a new tab) CWE-294 (opens in a new tab)

How to fix?

Upgrade org.jenkins-ci.plugins:saml to version 4.583.585.v22ccc1139f55 or higher.

Overview

Affected versions of this package are vulnerable to Replay Attack due to a lack of replay cache in the authentication process. An attacker can gain unauthorized access by replaying authentication requests between a user's web browser and the application, authenticating to Jenkins as that user.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
High
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
Passive

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
High

Confidentiality (SC)
High
Integrity (SI)
None
Availability (SA)
None