Description
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)
Related Vulnerabilities
CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap-sass
CVE-2013-2165 Vulnerability in maven package org.richfaces.framework:richfaces-impl-jsf2
CVE-2022-26884 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-server
CVE-2023-34434 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2016-3088 Vulnerability in maven package org.apache.activemq:activemq-fileserver