Description
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)
Related Vulnerabilities
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-api
CVE-2016-0779 Vulnerability in maven package org.apache.tomee:openejb-core
CVE-2020-6429 Vulnerability in maven package org.webjars.npm:electron
CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap
CVE-2023-49396 Vulnerability in maven package com.jfinal:jfinal