Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-32993 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp

Description

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

Remediation

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)

Related Vulnerabilities

CVE-2015-5298 Vulnerability in maven package org.jenkins-ci.plugins:google-login

CVE-2021-30180 Vulnerability in maven package org.apache.dubbo:dubbo

CVE-2022-36897 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage

CVE-2020-2223 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2018-19837 Vulnerability in npm package node-sass

Severity

Medium

Classification

CWE-345 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory