CVSS Score: -

The vulnerability stems from disabled SSL/TLS validation during metadata retrieval (CWE-295: Improper Certificate Validation). When the plugin fetched the identity provider's SAML metadata, the HTTP client was configured with a trust-all certificate strategy and a no-op hostname verifier (the TrustAllCerts/NoopHostnameVerifier pattern), so any certificate was accepted regardless of who issued it or which name it carried. An attacker positioned on the network path could therefore answer the metadata request with their own certificate and serve attacker-controlled metadata without the plugin noticing. When reviewing similar Java code, look for trust managers or TrustStrategy implementations that accept every chain and for NoopHostnameVerifier; the correct configuration uses the platform trust store (or a pinned one) together with the default hostname verifier and requires an https metadata URL.
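The insecure pattern described above beside its hardened form, as an added example that is not the plugin's own code. It assumes Apache HttpClient 4.5.x (the library that provides NoopHostnameVerifier and TrustAllStrategy); the class name MetadataFetchExample and the placeholder URL are illustrative.

```java
import java.net.URI;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

/** Illustrative IdP metadata fetcher (example code, not the plugin's). */
public class MetadataFetchExample {

    /**
     * VULNERABLE (CWE-295): every certificate chain is accepted and the
     * hostname is never compared against the certificate, so a network
     * attacker can present any certificate and impersonate the IdP.
     */
    static CloseableHttpClient insecureClient() throws Exception {
        SSLContext ctx = SSLContexts.custom()
                .loadTrustMaterial(null, TrustAllStrategy.INSTANCE) // trust-all
                .build();
        SSLConnectionSocketFactory sf =
                new SSLConnectionSocketFactory(ctx, NoopHostnameVerifier.INSTANCE); // no name check
        return HttpClients.custom().setSSLSocketFactory(sf).build();
    }

    /**
     * HARDENED: chains are validated against the JVM/system trust store and
     * the certificate's subject names are matched against the requested host.
     */
    static CloseableHttpClient secureClient() throws Exception {
        SSLContext ctx = SSLContexts.createSystemDefault();
        SSLConnectionSocketFactory sf =
                new SSLConnectionSocketFactory(ctx, new DefaultHostnameVerifier());
        return HttpClients.custom().setSSLSocketFactory(sf).build();
    }

    /** Fetch metadata, refusing plaintext URLs so the TLS checks cannot be sidestepped. */
    static String fetchMetadata(CloseableHttpClient client, String metadataUrl) throws Exception {
        URI uri = URI.create(metadataUrl);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("IdP metadata must be fetched over https: " + metadataUrl);
        }
        try (CloseableHttpResponse resp = client.execute(new HttpGet(uri))) {
            int status = resp.getStatusLine().getStatusCode();
            if (status != 200) {
                throw new IllegalStateException("metadata fetch failed: HTTP " + status);
            }
            return EntityUtils.toString(resp.getEntity(), "UTF-8");
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder URL; pass a real IdP metadata endpoint as the first argument.
        String url = args.length > 0 ? args[0] : "https://idp.example.test/saml/metadata";
        try (CloseableHttpClient client = secureClient()) {
            String xml = fetchMetadata(client, url);
            System.out.println("fetched " + xml.length() + " bytes of metadata");
        }
    }
}
```

Against an endpoint presenting a self-signed or mis-named certificate, insecureClient() silently succeeds while secureClient() fails the handshake, which is the behaviour you want for a trust anchor such as IdP metadata. If the IdP uses a private CA, load that CA into a dedicated trust store with SSLContexts.custom().loadTrustMaterial(file, password) rather than falling back to TrustAllStrategy.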
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins.plugins:miniorange-saml-sp | maven | < 2.2.0 | 2.2.0 |