Skip to main content

Reverse Proxy Auth

3 CVEs product

Monthly

CVE-2023-32987 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Reverse Proxy Auth
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-45384 Maven MEDIUM PATCH This Month

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Reverse Proxy Auth
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2018-1000150 Maven LOW PATCH Monitor

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Reverse Proxy Auth
NVD
CVSS 3.0
3.3
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Reverse Proxy Auth
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Reverse Proxy Auth
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Reverse Proxy Auth
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy