CVE-2023-32978

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins LDAP Plugin676.vfa_64cf6b_b_002 < *unaffected
Jenkins ProjectJenkins LDAP Plugin671.673.vc045dcdd856b_ < 671.*unaffected
Jenkins ProjectJenkins LDAP Plugin2.10.1 < 2.10.*unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References