Description
Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata. An attacker in a man-in-the-middle position could abuse this to intercept these connections.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)