PT-2026-55122 · Maven · Org.Jenkins-Ci.Plugins:Ldap

Publicado

2026-05-27

·

Atualizado

2026-05-27

CVSS v3.1

6.6

Média

VetorAV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals from the configured LDAP server. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution (RCE) on the Jenkins controller if deserialization "gadgets" are available on the classpath.
This allows attackers able to control the configured LDAP server, or able to perform a machine-in-the-middle attack, to execute code on the Jenkins controller.
LDAP Plugin 807.809.vd3a 4e5e4ec98 no longer follows LDAP referrals.

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

GHSA-FMJP-MW89-C6H6

Produtos afetados

Org.Jenkins-Ci.Plugins:Ldap