Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery
Moderate severity
GitHub Reviewed
Published
May 16, 2023
to the GitHub Advisory Database
•
Updated Jan 4, 2024
Description
Published by the National Vulnerability Database
May 16, 2023
Published to the GitHub Advisory Database
May 16, 2023
Reviewed
May 17, 2023
Last updated
Jan 4, 2024
Jenkins LDAP Plugin 673.v034ec70ec2b_b_ and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
LDAP Plugin 676.vfa_64cf6b_b_002 requires POST requests for the affected form validation method.
References