PT-2023-24111 · Jenkins · Jenkins LDAP Plugin

Kevin Guerroudj · Published 2023-05-16 · Updated 2025-01-23 · CVE-2023-32978

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins LDAP Plugin versions 673.v034ec70ec2b_b and earlier
Description: A cross-site request forgery (CSRF) vulnerability in the Jenkins LDAP Plugin allows attackers to make Jenkins connect to an attacker-specified LDAP server using attacker-specified credentials. The issue arises because the plugin does not require POST requests for a form validation method.
Recommendations: For Jenkins LDAP Plugin versions 673.v034ec70ec2b_b and earlier, update to a version that requires POST requests for the affected form validation method, such as LDAP Plugin 676.vfa_64cf6b_b_002 or later. As a temporary workaround, restrict access to the form validation method to reduce the risk of exploitation.

Fix

CSRF



Related Identifiers

CVE-2023-32978
GHSA-C9QP-6556-JWWP

Affected Products

Jenkins
Jenkins Ldap Plugin