Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
Moderate severity
GitHub Reviewed
Published
May 16, 2023
to the GitHub Advisory Database
•
Updated Nov 6, 2023
Package
Affected versions
< 1.7.5
Patched versions
1.7.5
Description
Published by the National Vulnerability Database
May 16, 2023
Published to the GitHub Advisory Database
May 16, 2023
Reviewed
May 17, 2023
Last updated
Nov 6, 2023
Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
Reverse Proxy Auth Plugin 1.7.5 requires POST requests for the affected form validation method.
References