Impact
The Jenkins LDAP Plugin, versions 807.v7d7de30930cf and earlier, follows LDAP referrals. When a search receives a referral response, the plugin automatically re-issues the query against the referred server, with no check on the target and no operator involvement. An attacker who controls an external LDAP server, or who can cause referrals that point at an internal resource, can use this behaviour to expose directory information or to steer the plugin's queries to a server of their choosing. The impact is therefore that of a vulnerability that may lead to unauthorized disclosure of directory contents and could assist further attacks against the system's authentication mechanisms.
Affected Systems
All installations of the Jenkins LDAP Plugin, as distributed by the Jenkins Project, at version 807.v7d7de30930cf or earlier are affected. The plugin is commonly used in Jenkins environments that authenticate users against LDAP. No newer version is known to mitigate the issue.
Risk and Exploitability
A CVSS score of 6.6 places this at medium severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, so there is little public data on exploitation. The likely attack vector is an adversary manipulating LDAP referral responses, for example from a compromised LDAP server or an internal domain controller under their control. Exploitation requires the plugin to be in use and to follow referrals; the issue does not by itself allow arbitrary code execution or privilege escalation, but it gives an attacker an additional surface for reconnaissance or targeted data exposure within the LDAP namespace.
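The referral-following behaviour described under Impact, and the "configured to follow referrals" condition noted above, are worth seeing in code. The example below is added here for illustration and is not code from the Jenkins LDAP Plugin or the Jenkins Project: it shows how referral handling is controlled in plain JNDI, which is the standard way Java applications reach LDAP, and how a caller can vet a referral target before following it. Whether and how the plugin exposes this setting is not stated on this page. The host names, allowlist, base DN and filter are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapReferralPolicy {

    // Directory servers we are prepared to be redirected to. Hypothetical
    // names chosen for this example; populate from your own environment.
    private static final Set<String> ALLOWED_REFERRAL_HOSTS =
            Set.of("ldap.corp.example", "dc2.corp.example");

    // Weak setting: JNDI chases every referral it receives, so a response that
    // says "try ldap://attacker.example/..." is followed with no check at all.
    static Hashtable<String, String> weakEnv(String providerUrl) {
        Hashtable<String, String> env = baseEnv(providerUrl);
        env.put(Context.REFERRAL, "follow");
        return env;
    }

    // Hardened setting: referrals surface as ReferralException and are only
    // followed after the target passes referralAllowed(). Use "ignore" instead
    // if the deployment never needs referrals at all.
    static Hashtable<String, String> hardenedEnv(String providerUrl) {
        Hashtable<String, String> env = baseEnv(providerUrl);
        env.put(Context.REFERRAL, "throw");
        return env;
    }

    private static Hashtable<String, String> baseEnv(String providerUrl) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        return env;
    }

    // Accept a referral only if it is an ldap/ldaps URL whose host is on the
    // allowlist. With the JDK LDAP provider the referral info is the referral
    // URL as a String; anything else is rejected.
    static boolean referralAllowed(Object referralInfo) {
        if (!(referralInfo instanceof String)) {
            return false;
        }
        URI target;
        try {
            target = new URI((String) referralInfo);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = target.getScheme();
        String host = target.getHost();
        if (scheme == null || host == null) {
            return false;
        }
        scheme = scheme.toLowerCase(Locale.ROOT);
        if (!scheme.equals("ldap") && !scheme.equals("ldaps")) {
            return false;
        }
        return ALLOWED_REFERRAL_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    // Run one search, following only referrals that pass the policy. This is
    // the standard JNDI "manual referral" loop: retry the operation on the
    // referral context, or skip past a referral we refuse.
    static void search(Hashtable<String, String> env, String base, String filter)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"cn", "mail"});

        DirContext ctx = new InitialDirContext(env);
        try {
            while (true) {
                try {
                    NamingEnumeration<SearchResult> results = ctx.search(base, filter, controls);
                    while (results.hasMore()) {
                        System.out.println(results.next().getNameInNamespace());
                    }
                    break;
                } catch (ReferralException re) {
                    Object target = re.getReferralInfo();
                    if (referralAllowed(target)) {
                        ctx = (DirContext) re.getReferralContext();  // follow vetted target
                    } else {
                        System.err.println("refusing LDAP referral to " + target);
                        if (!re.skipReferral()) {
                            break;                                     // nothing left to try
                        }
                        ctx = (DirContext) re.getReferralContext();  // advance past it
                    }
                }
            }
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Hypothetical server, base DN and filter for illustration only.
        search(hardenedEnv("ldap://ldap.corp.example:389"), "dc=corp,dc=example", "(uid=jdoe)");
    }
}
```

The point of the hardened variant is that a referral to a host outside the allowlist is logged and skipped rather than chased, so an attacker who can inject a referral into a response cannot redirect the search, and the credentials used for the bind are never offered to the referred server. The "follow" setting is what makes the behaviour described under Impact possible; in practice the setting a given deployment ends up with is whatever its LDAP client stack configures, so check it rather than assume it.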
OpenCVE Enrichment