Description
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)
Related Vulnerabilities
CVE-2012-0022 Vulnerability in maven package tomcat:tomcat-util
CVE-2015-7538 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap-sass
CVE-2017-4994 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2018-1000146 Vulnerability in maven package org.jenkins-ci.plugins:liquibase-runner