3 matches found
CVE-2022-45384
CVE-2022-45384 affects the Jenkins Reverse Proxy Auth Plugin. Versions 1.7.3 and earlier store the LDAP manager password unencrypted in the Jenkins controller’s global config.xml, enabling access by anyone with filesystem access to the controller. The vulnerability is triggered by plaintext stora...
CVE-2023-32987
The CVE affects Jenkins Reverse Proxy Auth Plugin (versions ≤ 1.7.4). A CSRF flaw allows an attacker to connect to an attacker-specified LDAP server using attacker-specified credentials. Impact is high on confidentiality, integrity, and availability (CVE-2023-32987, CVSS v3.1: 8.8). The issue ari...
CVE-2018-1000150
CVE-2018-1000150 affects Jenkins' Reverse Proxy Auth Plugin