Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.

Affected Packages

Maven org.jenkins-ci.main:reverse-proxy-auth-plugin

Affected versions: 1.7.3 (fixed in 1.7.4)

Related CVEs

CVE-2022-45384

Key Information

GHSA ID

GHSA-wcjj-qm5v-j4pc

Published

November 16, 2022 12:00 PM

Last Modified

April 30, 2025 8:25 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.main:reverse-proxy-auth-plugin

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.