Description

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

Remediation

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)

Related Vulnerabilities

CVE-2020-2208 Vulnerability in maven package org.jenkins-ci.plugins:slack-uploader

CVE-2018-1000177 Vulnerability in maven package org.jenkins-ci.plugins:s3

CVE-2022-34803 Vulnerability in maven package org.jenkins-ci.plugins:opsgenie

CVE-2011-5245 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs

CVE-2018-1999039 Vulnerability in maven package org.jenkins-ci.plugins:confluence-publisher

Severity

Medium

Classification

CWE-345 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory