Jenkins Project Jenkins Reverse Proxy Auth Plugin vulnerabilities
2 known vulnerabilities affecting jenkins_project/jenkins_reverse_proxy_auth_plugin.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-32987HIGHCVSS 8.8≤ 1.7.42023-05-16
CVE-2023-32987 [HIGH] CWE-352 CVE-2023-32987: A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and ear
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
cvelistv5nvd
CVE-2022-45384MEDIUMCVSS 6.5≥ unspecified, ≤ 1.7.32022-11-15
CVE-2022-45384 [MEDIUM] CWE-522 CVE-2022-45384: Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
cvelistv5nvd