← Back

Reverse Proxy Auth

reverse_proxy_auth

Vendor: Jenkins • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Jenkins
1Reverse Proxy Auth
Jun 17, 2026
May 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
1Jenkins
1Reverse Proxy Auth
Jun 17, 2026
Nov 15, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins cont...Show more
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.Show less
1Jenkins
1Reverse Proxy Auth
Nov 21, 2024
Apr 5, 2018
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list o...Show more
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.Show less