All the vulnerabilites related to Jenkins project - Jenkins Reverse Proxy Auth Plugin
cve-2022-45384
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 14:09
Severity ?
EPSS score ?
Summary
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Jenkins project | Jenkins Reverse Proxy Auth Plugin |
Version: unspecified < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:09:56.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2094" }, { "name": "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Jenkins Reverse Proxy Auth Plugin", "vendor": "Jenkins project", "versions": [ { "lessThanOrEqual": "1.7.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system." } ], "providerMetadata": { "dateUpdated": "2023-10-24T14:26:14.042Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2094" }, { "name": "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4" } ] } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2022-45384", "datePublished": "2022-11-15T00:00:00", "dateReserved": "2022-11-14T00:00:00", "dateUpdated": "2024-08-03T14:09:56.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32987
Vulnerability from cvelistv5
Published
2023-05-16 16:00
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
References
▼ | URL | Tags |
---|---|---|
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3002 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Jenkins Project | Jenkins Reverse Proxy Auth Plugin |
Version: 0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:32:46.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Jenkins Security Advisory 2023-05-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3002" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Jenkins Reverse Proxy Auth Plugin", "vendor": "Jenkins Project", "versions": [ { "lessThanOrEqual": "1.7.4", "status": "affected", "version": "0", "versionType": "maven" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials." } ], "providerMetadata": { "dateUpdated": "2023-10-24T12:50:08.786Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "name": "Jenkins Security Advisory 2023-05-16", "tags": [ "vendor-advisory" ], "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3002" } ] } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2023-32987", "datePublished": "2023-05-16T16:00:08.216Z", "dateReserved": "2023-05-16T10:55:43.519Z", "dateUpdated": "2024-08-02T15:32:46.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }