Description

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

Remediation

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)

Related Vulnerabilities

CVE-2013-2067 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2017-8039 Vulnerability in maven package org.springframework.webflow:spring-webflow

CVE-2023-33008 Vulnerability in maven package org.apache.johnzon:johnzon

CVE-2023-35148 Vulnerability in maven package org.jenkins-ci.plugins:ease-plugin

CVE-2020-2155 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

Severity

Medium

Classification

CWE-345 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory