Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and previous versions unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins saml single sign on |