Cross-Site Request Forgery Vulnerability in Jenkins LDAP Plugin
CVE-2023-32978

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Ldap Plugin
Vendor: CVE Published:; 16 May 2023

What is CVE-2023-32978?

A cross-site request forgery (CSRF) vulnerability in the Jenkins LDAP Plugin enables attackers to manipulate the plugin to connect to a malicious LDAP server using arbitrary credentials. This could lead to unauthorized access and data leaks, posing a significant risk to Jenkins deployments. Users are advised to update to the latest version of the plugin to mitigate this issue.

Affected Version(s)

Jenkins LDAP Plugin 676.vfa_64cf6b_b_002

Jenkins LDAP Plugin 671.673.vc045dcdd856b_ < 671.*

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2023
Vulnerability Reserved
May 16, 2023

CVE-2023-32978 Data

JSON