PT-2023-3358 · Jenkins · Jenkins Reverse Proxy Auth Plugin

Author: Kevin Guerroudj
Published: 2023-05-16
Updated: 2023-05-25

CVE-2023-32987
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Jenkins Reverse Proxy Auth Plugin versions 1.7.4 and earlier

Description: The issue is a cross-site request forgery (CSRF) vulnerability in a form validation method of the plugin. Because the method does not require POST, an attacker can make Jenkins connect to an attacker-specified LDAP server using attacker-specified credentials.

Recommendations: For Jenkins Reverse Proxy Auth Plugin versions 1.7.4 and earlier, update to version 1.7.5 or later, which requires POST requests for the affected form validation method and thus mitigates the CSRF vulnerability.
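The fix pattern the advisory describes, shown on a hypothetical Jenkins extension as an added illustration (this is not the plugin's own code; the class, URL and method names are assumed). Jenkins form validation methods named do* are bound by Stapler; without @RequirePOST they answer GET requests and so can be driven by a cross-site request, which is what lets Jenkins be pointed at an attacker-chosen LDAP server.

```java
import hudson.Extension;
import hudson.model.RootAction;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Hypothetical extension used only to show the before/after pattern.
// Names are illustrative, not taken from the Reverse Proxy Auth Plugin.
@Extension
public class LdapCheckExample implements RootAction {

    // BEFORE (the weakness class in the advisory): Stapler exposes this at
    // /ldap-check-example/checkLdapServerUnsafe and accepts GET, so a request
    // forged by another site runs with the victim's session and Jenkins binds
    // to whatever server/credentials the request carries.
    public FormValidation doCheckLdapServerUnsafe(@QueryParameter String server,
                                                  @QueryParameter String managerDN,
                                                  @QueryParameter String managerPassword) {
        return tryBind(server, managerDN, managerPassword);
    }

    // AFTER (the 1.7.5 approach per the advisory: require POST). @RequirePOST makes
    // Stapler reject GET, so Jenkins' CSRF crumb protection applies to the request.
    // The permission check additionally limits who may trigger an outbound bind.
    @RequirePOST
    public FormValidation doCheckLdapServer(@QueryParameter String server,
                                            @QueryParameter String managerDN,
                                            @QueryParameter String managerPassword) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return tryBind(server, managerDN, managerPassword);
    }

    // Placeholder for the real LDAP bind: only validates arguments here.
    private FormValidation tryBind(String server, String dn, String password) {
        if (server == null || server.isEmpty()) {
            return FormValidation.error("LDAP server is required");
        }
        // A real implementation would open a connection and bind as dn/password.
        return FormValidation.ok("Connection parameters accepted");
    }

    @Override public String getIconFileName() { return null; } // no sidebar link
    @Override public String getDisplayName() { return "LDAP check example"; }
    @Override public String getUrlName() { return "ldap-check-example"; }
}
```

When reviewing a plugin for this weakness, look for do* methods that trigger network connections or credential use and lack @RequirePOST or an equivalent POST-only interceptor.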

Fix

Weakness Enumeration

CSRF

Related Identifiers

BDU:2023-03514
CVE-2023-32987
GHSA-PMMR-R9V2-59P8

Affected Products

Jenkins
Jenkins Reverse Proxy Auth Plugin