Back to search
CVE-2023-32993
Published: May 16, 2023
Modified: Jan 23, 2025
PUBLISHED
Description
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
| Vendor | Product | Versions |
|---|---|---|
Jenkins Project | Jenkins SAML Single Sign On(SSO) Plugin | affected 0 - <= 2.0.2 |
References
Jenkins Security Advisory 2023-05-16
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now