← Voltar para CVEs
CVE-2023-32993
MEDIUM4.8
Descricao
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Detalhes CVE
Pontuacao CVSS v3.14.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/16/2023
Ultima modificacao1/23/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
jenkins:saml_single_sign_on
Fraquezas (CWE)
CWE-345CWE-346
Referencias
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)(jenkinsci-cert@googlegroups.com)
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.