GHSA-X9V8-P946-5PWC
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-07-01 19:38
VLAI
Summary
Jenkins LDAP Plugin deserializes data from LDAP referrals without validation
Details
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals from the configured LDAP server. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution (RCE) on the Jenkins controller if deserialization "gadgets" are available on the classpath.
This allows attackers able to control the configured LDAP server, or able to perform a machine-in-the-middle attack, to execute code on the Jenkins controller.
LDAP Plugin 807.809.vd3a_4e5e4ec98 no longer follows LDAP referrals.
Severity
6.6 (Medium)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 807.v7d7de30930cf"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "807.809.vd3a"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48917"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T19:38:25Z",
"nvd_published_at": "2026-05-27T15:16:31Z",
"severity": "MODERATE"
},
"details": "Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals from the configured LDAP server. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution (RCE) on the Jenkins controller if deserialization \"gadgets\" are available on the classpath.\n\nThis allows attackers able to control the configured LDAP server, or able to perform a machine-in-the-middle attack, to execute code on the Jenkins controller.\n\nLDAP Plugin 807.809.vd3a_4e5e4ec98 no longer follows LDAP referrals.",
"id": "GHSA-x9v8-p946-5pwc",
"modified": "2026-07-01T19:38:25Z",
"published": "2026-05-27T15:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48917"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/ldap-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3654"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Jenkins LDAP Plugin deserializes data from LDAP referrals without validation"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…