org.jenkins-ci.plugins:reverse-proxy-auth-plugin is vulnerable to Cross-Site Request Forgery (CSRF). The plugin does not require POST requests for a form validation method. As a result, an attacker is able to use a cross-site request to connect to an attacker-specified LDAP server using attacker-specified credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | jenkins reverse proxy auth plugin | le | 1.7.4 |
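As an added example (not code from the plugin or the Jenkins project), the following Python audit script flags Stapler web methods (`doXxx`) in plugin source that carry neither `@POST` nor `@RequirePOST`, which is the missing POST requirement described above. The Java sample is constructed, and its class and method names are hypothetical.

```python
import re

# Stapler annotations that restrict a web method to POST requests.
POST_ANNOTATIONS = {"POST", "RequirePOST"}

# A public Stapler web method (doXxx) plus the annotations directly above it.
WEB_METHOD_RE = re.compile(
    r"(?P<annotations>(?:@\w+(?:\([^)]*\))?\s+)*)"
    r"public\s+(?:(?:static|final|synchronized)\s+)*"
    r"[\w.<>\[\]]+\s+(?P<name>do[A-Z]\w*)\s*\("
)


def find_methods_without_post(java_source):
    """Return the doXxx web methods that carry no POST-only annotation."""
    findings = []
    for match in WEB_METHOD_RE.finditer(java_source):
        annotations = set(re.findall(r"@(\w+)", match.group("annotations")))
        if not annotations & POST_ANNOTATIONS:
            findings.append(match.group("name"))
    return findings


# Constructed sample; the class and method names are hypothetical.
SAMPLE_SOURCE = """
public class ExampleDescriptor {
    public FormValidation doCheckExampleServer(@QueryParameter String server) {
        return connect(server);
    }

    @POST
    public FormValidation doCheckExampleGroup(@QueryParameter String group) {
        return FormValidation.ok();
    }

    @RequirePOST
    public FormValidation doTestExampleBind(@QueryParameter String dn) {
        return FormValidation.ok();
    }
}
"""

if __name__ == "__main__":
    for name in find_methods_without_post(SAMPLE_SOURCE):
        print(f"{name}: accepts non-POST requests, review for CSRF exposure")
```

The check is a regex heuristic for triage, not a Java parser; return types containing spaces (for example `Map<String, String>`) are not matched.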