Jenkins Reverse Proxy Auth vulnerabilities
3 known vulnerabilities affecting jenkins/reverse_proxy_auth.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2023-32987 | HIGH | CVSS 8.8 | CWE-352 | ≤ 1.7.4 | 2023-05-16
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
Source: NVD
CVE-2022-45384 | MEDIUM | CVSS 6.5 | CWE-522 | fixed in 1.7.4 | 2022-11-15
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
Source: NVD
CVE-2018-1000150 | LOW | CVSS 3.3 | CWE-200 | ≤ 1.5 | 2018-04-05
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.
Source: NVD