Description
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)
Related Vulnerabilities
CVE-2020-2207 Vulnerability in maven package org.jenkins-ci.plugins:vncviewer
CVE-2022-28890 Vulnerability in maven package org.apache.jena:jena-core
CVE-2020-26272 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-25164 Vulnerability in npm package @tinacms/cli
CVE-2022-31692 Vulnerability in maven package org.springframework.security:spring-security-web