cvedb.io
CVE-2023-32993
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2023-05-16T17:15:11.893 · Last modified 2026-06-17T06:00:01.653

Summary

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

Affected products

jenkins — saml_single_sign_on

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.