Man-in-the-Middle (MitM) attack in SAML Single Sign On(SSO) - CVE-2023-32993

 


Published: May 17, 2023


Vulnerability identifier: #VU76251
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-32993
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Jenkins
Affected software:
SAML Single Sign On(SSO)

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected plugin does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata. A remote attacker can perform a man-in-the-middle attack to intercept these connections.
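The missing check described above, shown as an added Java example that is not the plugin's own code: a metadata fetch that overrides hostname verification next to one that keeps the JDK's default check. The class name, method names and the `idp.example.test` URL are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

public class SamlMetadataFetch {

    // Weak pattern (assumed illustration of CWE-300, not taken from the plugin):
    // the verifier callback accepts every name mismatch, so a certificate issued
    // for a different host is accepted and the metadata can be altered in transit.
    static byte[] fetchWithoutHostnameCheck(String metadataUrl) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(metadataUrl).openConnection();
        conn.setHostnameVerifier((hostname, session) -> true);
        return readAll(conn);
    }

    // Hardened form: HTTPS only, no custom HostnameVerifier, so the JDK compares
    // the requested host with the names in the server certificate and aborts the
    // handshake on a mismatch.
    static byte[] fetchWithHostnameCheck(String metadataUrl) throws IOException {
        URL url = new URL(metadataUrl);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IOException("SAML metadata must be fetched over HTTPS: " + metadataUrl);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setConnectTimeout(10_000);
        conn.setReadTimeout(10_000);
        // Do not follow redirects silently; a redirect changes the host being trusted.
        conn.setInstanceFollowRedirects(false);
        return readAll(conn);
    }

    private static byte[] readAll(HttpsURLConnection conn) throws IOException {
        try (InputStream in = conn.getInputStream()) {
            return in.readAllBytes();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        // Placeholder IdP metadata URL; pass the real one as the first argument.
        String url = args.length > 0 ? args[0] : "https://idp.example.test/saml/metadata";
        byte[] xml = fetchWithHostnameCheck(url);
        System.out.println("Fetched " + xml.length + " bytes of SAML metadata");
    }
}
```

When reviewing other code that retrieves IdP metadata, a `HostnameVerifier` that returns `true` unconditionally is the pattern to search for.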


How to mitigate CVE-2023-32993

Install updates from vendor's website.
