cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-32987,https://securityvulnerability.io/vulnerability/CVE-2023-32987,Cross-Site Request Forgery Vulnerability in Jenkins Reverse Proxy Auth Plugin by Jenkins,"The Jenkins Reverse Proxy Auth Plugin version 1.7.4 and earlier is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows attackers to send requests that can connect to an attacker-specified LDAP server by using attacker-provided credentials. Such exploitation can lead to unauthorized access and control over user accounts, making it critical for users of the plugin to ensure their systems are updated and configured properly.",Jenkins,Jenkins Reverse Proxy Auth Plugin,8.8,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2023-05-16T16:15:00.000Z,0
CVE-2022-45384,https://securityvulnerability.io/vulnerability/CVE-2022-45384,Jenkins Reverse Proxy Auth Plugin Vulnerability Exposing LDAP Manager Password,"The Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier contain a vulnerability wherein the LDAP manager password is stored unencrypted in the global config.xml file. This configuration file is accessible on the Jenkins controller, presenting a risk to sensitive information, as attackers with file system access can potentially retrieve the plaintext password. It is essential for users to update to a secure version to mitigate this risk.",Jenkins,Jenkins Reverse Proxy Auth Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0