Description
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
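What the missing check does, as an added example that is not the plugin's code: a simplified matcher comparing the host a client asked for against the subject alternative names in the certificate the server presented. The host names and SAN lists are constructed for illustration. A real client should leave its TLS library's own verification enabled instead of reimplementing it.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Match one dNSName entry against the requested host (case-insensitive)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label and needs at
        # least two fixed labels after it, so "*.com" never matches.
        rest = p[1:]
        return len(p) >= 3 and "*" not in ".".join(rest) and rest == h[1:]
    # Partial wildcards such as "id*.example.com" are rejected outright.
    return "*" not in pattern and p == h

def hostname_valid(host, san):
    """san: ("DNS", name) / ("IP Address", addr) pairs, the shape Python's
    ssl.SSLSocket.getpeercert() returns under 'subjectAltName'."""
    if _is_ip(host):
        want = ipaddress.ip_address(host)
        return any(kind == "IP Address" and _is_ip(v)
                   and ipaddress.ip_address(v) == want for kind, v in san)
    return any(kind == "DNS" and dns_name_matches(v, host) for kind, v in san)

# Constructed sample data: the metadata host the client intended to reach,
# and SAN lists from two certificates that both chain to a trusted CA.
IDP_HOST = "idp.example.com"
CERT_FOR_IDP = [("DNS", "idp.example.com"), ("DNS", "*.sso.example.com")]
CERT_FOR_OTHER_HOST = [("DNS", "www.example.net"), ("DNS", "*.example.net")]

def check_all():
    # Chain validation alone passes for both certificates; only the name
    # comparison tells the intended IdP apart from an interposed server.
    return {
        "idp_cert": hostname_valid(IDP_HOST, CERT_FOR_IDP),
        "other_cert": hostname_valid(IDP_HOST, CERT_FOR_OTHER_HOST),
    }

if __name__ == "__main__":
    print(check_all())
```

A client that skips this comparison treats both certificates as acceptable, which is the condition the description refers to.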
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)