2 matches found
CVE-2023-32993
CVE-2023-32993 affects the Jenkins SAML Single Sign On (SSO) Plugin up to version 2.0.2. The root cause is missing hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, enabling MITM interception of those connections. Impact is limited to authenticatio...
CVE-2023-32993
Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...