CVE-2023-32978

🗓️ 16 May 2023 15:59:59Reported by jenkinsType

CVE-2023-32978: CSRF vulnerability in Jenkins LDAP Plugi

Reporter	Title	Published	Views	Family All 14
AlpineLinux	CVE-2023-32978	16 May 202315:59	–	alpinelinux
Tenable Nessus	Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)	16 May 202300:00	–	nessus
CNNVD	Jenkins Plugin LDAP 跨站请求伪造漏洞	16 May 202300:00	–	cnnvd
Cvelist	CVE-2023-32978	16 May 202315:59	–	cvelist
EUVD	EUVD-2023-1523	3 Oct 202520:07	–	euvd
Github Security Blog	Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery	16 May 202318:30	–	github
NVD	CVE-2023-32978	16 May 202316:15	–	nvd
OSV	CVE-2023-32978	16 May 202316:15	–	osv
OSV	GHSA-C9QP-6556-JWWP Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery	16 May 202318:30	–	osv
Prion	Cross site request forgery (csrf)	16 May 202316:15	–	prion

NVD

Node

jenkins lightweight_directory_access_protocolRange<673.v034ec70ec2b_bjenkins

[
  {
    "defaultStatus": "affected",
    "product": "Jenkins LDAP Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "676.vfa_64cf6b_b_002",
        "versionType": "maven"
      },
      {
        "lessThan": "671.*",
        "status": "unaffected",
        "version": "671.673.vc045dcdd856b_",
        "versionType": "maven"
      },
      {
        "lessThan": "2.10.*",
        "status": "unaffected",
        "version": "2.10.1",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
jenkins	www.jenkins.io/security/advisory/2023-05-16/

23 Jan 2025 16:15Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

EPSS0.00064

SSVC

CWE-352