CVE-2023-32993

MEDIUM

Jenkins Saml Single Sign ON < 2.0.2 - Origin Validation Error

Title source: rule

Description

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

References (1)

[Vendor Advisory] https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)

Scores

CVSS v3 4.8

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-345 CWE-346

Status published

Affected Products (2)

jenkins/saml_single_sign_on < 2.0.2

io.jenkins.plugins/miniorange-saml-sp < 2.1.0Maven

Timeline

Published May 16, 2023

Tracked Since Feb 18, 2026