Description

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

Remediation

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)

Related Vulnerabilities

CVE-2021-21623 Vulnerability in maven package org.jenkins-ci.plugins:matrix-auth

CVE-2017-7561 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs

CVE-2013-4322 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2018-12544 Vulnerability in maven package io.vertx:vertx-web-api-contract

CVE-2017-5641 Vulnerability in maven package org.apache.flex.blazeds:blazeds

Severity

Medium

Classification

CWE-345 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory