Is Your Jenkins Open? Critical SAML Bypass Flaw and MCP Plugin Vulnerabilities Exposed.

Author: CyberDudeBivash
Powered by: CyberDudeBivash Brand | cyberdudebivash.com
Related:cyberbivash.blogspot.com

Published by CyberDudeBivash • Date: Oct 30, 2025 (IST)

Fresh Jenkins advisory discloses a SAML replay authentication bypass and MCP Server permission flaws that let low-privileged users trigger builds and harvest config. Patch immediately and restrict exposure. 

TL;DR — Patch, Lock Down, Hunt

  • Critical risk: SAML Plugin replay auth bypass lets an attacker who can capture SAML flow data replay it to log in as a user. Fix: update to 4.583.585.v22ccc1139f55 (adds replay cache). 
  • Privilege abuse: MCP Server Plugin missing permission checks let Item/Read users trigger builds and read SCM/Cloud info. Fix: update to 0.86.v7d3355e6a_a_18.
  • Also flagged: CSRF in Extensible Choice Parameter (no fix yet) and several other plugin issues—disable or restrict access until patched. 
  • Action now: Patch, disable internet exposure, force SSO re-auth, review audit logs for suspicious replays/build triggers, and rotate tokens on compromise suspicion.

Contents

  1. Background: Why Jenkins exposure = Rapid CI/CD takeover
  2. The New Flaws (SAML & MCP) in Plain English
  3. Affected & Fixed Versions
  4. Rapid Triage & Containment (60–120 mins)
  5. Hunt Queries & Indicators
  6. Hardening Jenkins (Least-Privilege & Exposure)
  7. FAQ
  8. Sources

Background: Why Jenkins Exposure = Rapid CI/CD Takeover

Publicly exposed Jenkins often holds PATs, cloud keys, and deploy credentials. Authentication bypass or missing authorization on plugins quickly becomes org-wide compromise (code pushes, artifact poisoning, secret theft). This advisory adds SAML replay and MCP permission issues to an already high-value target list. 

The New Flaws (SAML & MCP) in Plain English

SAML Plugin — Authentication Replay

CVE-2025-64131: Affected SAML versions did not implement a replay cache. If an attacker can observe SAML traffic (e.g., via a proxy, misconfigured TLS termination, or an adjacent network position), they can replay a captured request and authenticate as the victim. The fixed build adds a replay cache that rejects duplicate assertions. 

MCP Server Plugin — Missing Permission Checks

CVE-2025-64132: Older MCP Server builds let users with only Item/Read trigger builds, read SCM config, and enumerate clouds via specific tools. The updated version enforces the missing permission checks. 

Related Plugin Risks to Watch

  • Extensible Choice Parameter — CSRF can execute sandboxed Groovy code (no fix yet; disable or restrict). 
  • Others in the Oct-29 pack include JDepend (XXE), Azure CLI (command exec paths), Nexus Task Runner, Themis, Windocks, OpenShift Pipeline, etc. Review the advisory for each. 

Affected & Fixed Versions

  • SAML Plugin: affected up to 4.583.vc68232f7018a_; update to 4.583.585.v22ccc1139f55.
  • MCP Server Plugin: affected up to 0.84.v50ca_24ef83f2; update to 0.86.v7d3355e6a_a_18.
  • Extensible Choice Parameter: affected up to 239.v5f5c278708cf; no fix yet (disable/limit). 

Vulnerability records: NVD pages for CVE-2025-64131 (SAML) and CVE-2025-64132 (MCP) confirm impact and reference the advisory; Tenable/Nessus plugin lists detection logic. 

Rapid Triage & Containment (60–120 mins)

  1. Freeze exposure: If Jenkins is on the internet, put it behind VPN/ZTNA or disable external access. Enforce HTTPS end-to-end (no SSL offload leaks).
  2. Patch now: Upgrade SAML + MCP plugins to fixed builds; disable Extensible Choice Parameter until a fix ships. 
  3. Force re-auth: Invalidate existing sessions after SAML fix; rotate admin/API tokens if you suspect replayed logins.
  4. Audit builds: Look for builds triggered by users lacking Item/Build or from service accounts with only read-level perms (possible MCP abuse). 
  5. Review config: Check SCM/Cloud config reads by unexpected users; tighten Folder/Project permissions.
  6. Backups & secrets: Assume exposed jobs may leak repos and secrets; rotate PATs, SSH keys, cloud creds used in jobs.

Hunt Queries & Indicators

1) Suspicious SAML logins (replay pattern)

  • Multiple successful SAML assertions for the same user within seconds/minutes from different IPs/UAs.
  • Logins via reverse proxies not terminating TLS properly; unexpected X-Forwarded-For sources.
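One way to hunt for the first replay pattern above, as an added example that is not part of the original post: the script parses a constructed, simplified login audit format (not the SAML plugin's native log) and flags consecutive successful logins by the same user inside a short window whose source IP or user agent differ.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified audit-log format (not Jenkins' native login log).
SAMPLE_LOG = """\
2025-10-30T09:14:02Z saml-login user=alice ip=10.0.0.5 ua=Firefox result=SUCCESS
2025-10-30T09:14:41Z saml-login user=alice ip=203.0.113.9 ua=curl result=SUCCESS
2025-10-30T09:20:00Z saml-login user=bob ip=10.0.0.7 ua=Chrome result=SUCCESS
2025-10-30T10:05:00Z saml-login user=bob ip=10.0.0.7 ua=Chrome result=SUCCESS
2025-10-30T10:06:10Z saml-login user=carol ip=10.0.0.8 ua=Chrome result=FAILURE
2025-10-30T10:06:20Z saml-login user=carol ip=198.51.100.4 ua=Chrome result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) saml-login user=(?P<user>\S+) ip=(?P<ip>\S+) "
    r"ua=(?P<ua>\S+) result=(?P<result>\S+)$"
)

def parse(log_text):
    """Parse matching lines into dicts; lines in another format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events

def find_replay_candidates(events, window_seconds=300):
    """Return (user, first_ip, second_ip, seconds_apart) for consecutive successful
    logins of one user inside the window whose IP or user agent differ."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["result"] == "SUCCESS":          # failed logins are not replays
            by_user[ev["user"]].append(ev)
    window = timedelta(seconds=window_seconds)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for prev, cur in zip(evs, evs[1:]):
            gap = cur["ts"] - prev["ts"]
            if gap <= window and (prev["ip"] != cur["ip"] or prev["ua"] != cur["ua"]):
                findings.append((user, prev["ip"], cur["ip"], int(gap.total_seconds())))
    return findings
```

On the sample, only alice is flagged: two successes 39 seconds apart from different IPs and clients, while bob's repeat login comes from the same IP and client and carol has only one success.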

2) Unauthorized build triggers (MCP)

  • API calls to MCP tool endpoints (e.g., triggerBuild, getJobScm, getStatus) by users without Item/Build or Extended Read.
  • Builds queued by unfamiliar service accounts; sudden cloud agent provisioning after read-only access.
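The MCP hunt above as an added example, not code from the post or from the plugin: it cross-checks normalised MCP tool-call records against an exported permission snapshot. The event tuples, the permission map, and the tool-to-permission table are all constructed assumptions; the advisory says the fixed plugin adds checks but does not state which permission gates which tool, so the table must be adjusted to your plugin version.

```python
# Constructed sample of MCP tool calls as a SIEM might normalise them:
# (timestamp, user, mcp_tool, job). Not Jenkins' native log format.
SAMPLE_CALLS = [
    ("2025-10-30T08:01:00Z", "svc-readonly", "triggerBuild", "payments-api"),
    ("2025-10-30T08:01:05Z", "svc-readonly", "getJobScm", "payments-api"),
    ("2025-10-30T08:02:00Z", "svc-readonly", "getStatus", "payments-api"),
    ("2025-10-30T08:10:00Z", "dev-maria", "triggerBuild", "payments-api"),
    ("2025-10-30T08:11:00Z", "dev-maria", "getJobScm", "payments-api"),
    ("2025-10-30T08:12:00Z", "anonymous", "getStatus", "payments-api"),
]

# Constructed snapshot of effective permissions per user (export it from your
# authorization strategy). Users absent from the map are treated as having none.
PERMISSIONS = {
    "svc-readonly": {"Overall/Read", "Item/Read"},
    "dev-maria": {"Overall/Read", "Item/Read", "Item/Build", "Item/ExtendedRead"},
}

# Assumed mapping from MCP tool to the Jenkins permission that should gate it.
# The advisory does not list the checks per tool; adjust to what your plugin enforces.
REQUIRED_PERMISSION = {
    "triggerBuild": "Item/Build",
    "getJobScm": "Item/ExtendedRead",
    "getStatus": "Item/Read",
}

def unauthorized_calls(calls, permissions, required=REQUIRED_PERMISSION):
    """Return (ts, user, tool, job, missing_permission) for every call whose
    caller lacks the permission the tool should require."""
    findings = []
    for ts, user, tool, job in calls:
        needed = required.get(tool)
        if needed is None:
            continue  # tool not in the table: not assessed here
        if needed not in permissions.get(user, set()):
            findings.append((ts, user, tool, job, needed))
    return findings

def offenders_by_user(findings):
    """Summarise findings as {user: sorted list of tools used without rights}."""
    summary = {}
    for _, user, tool, _, _ in findings:
        summary.setdefault(user, set()).add(tool)
    return {u: sorted(t) for u, t in summary.items()}
```

Any hit from a read-only service account on triggerBuild or getJobScm is the pre-fix MCP abuse pattern and is worth a ticket even after patching, since it shows what the account was able to reach.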

3) High-value artifacts

  • Audit config.xml for tokens stored by affected plugins (see advisory list). Lock down filesystem access.
  • SIEM: alert on anonymous or low-privilege users hitting credential-touching endpoints.

Hardening Jenkins (Least-Privilege & Exposure)

  • Network: Private-only; VPN/ZTNA; strict egress from controller/agents.
  • Identity: Enforce SSO with signed/encrypted assertions; clock sync; logout on browser close; short session TTLs.
  • Permissions: Deny Overall/Read to anonymous; use Folders + RBAC; no broad Item/Read.
  • Plugins: Keep a minimal allowlist; auto-update disabled for risky plugins; subscribe to Jenkins advisories.
  • Secrets: Move creds to a vault; rotate on every incident; use short-lived cloud tokens where possible.

CyberDudeBivash Services, Apps & Ecosystem

Services (Hire Us)

  • Jenkins Exposure Review & Hardening
  • CI/CD Incident Response & Token Rotation
  • RBAC & Plugin Governance Program
  • Supply-Chain Security & Build Provenance


FAQ

Does the SAML issue require network sniffing?

Yes—attackers must obtain SAML flow info to replay it; poor TLS handling or a malicious/compromised proxy can make this feasible. The fix adds a replay cache. 

We only grant Item/Read to most users. Is MCP still risky?

Yes. Pre-fix MCP allowed read-level users to trigger builds and see SCM/cloud details. Update to the fixed version to enforce checks. 

Are these in CISA KEV?

As of Oct 30, 2025 IST, they are newly published CVEs; monitor KEV for additions and set patch SLAs accordingly. 

Sources

  • Jenkins Security Advisory — 2025-10-29 (SAML replay, MCP permission checks, related plugins; fixed versions). 
  • NVD — CVE-2025-64131 (SAML replay cache missing).
  • NVD — CVE-2025-64132 (MCP Server missing permission checks). 
  • Tenable Nessus plugin summary for the Oct-29 Jenkins plugins advisory. 
  • Coverage & explainer on SAML/MCP plugin issues. 

Author: CyberDudeBivash • Powered by CyberDudeBivash • © 2025
