20 matches found

Cvelist
added 2026/05/27 2:13 p.m. · 40 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...

0.00187 EPSS
Exploits: 0 · References: 1

CNNVD
added 2026/05/27 12:0 a.m. · 11 views

Jenkins AppSpider Plugin Security Vulnerability

The Jenkins AppSpider Plugin is an open-source Jenkins application security scanning integration plugin. The Jenkins AppSpider Plugin versions 1.0.17 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks in the method responsible for form...

4.3 CVSS · 5.8 AI score · 0.00187 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-1446

Malicious code in bioql PyPI...

4.3 CVSS · 5 AI score · 0.00509 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-5198

Malicious code in bioql PyPI...

5.5 CVSS · 5.7 AI score · 0.00324 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-1048

Malicious code in bioql PyPI...

4.3 CVSS · 6.4 AI score · 0.0045 EPSS
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-1628

Malicious code in bioql PyPI...

8.8 CVSS · 8.4 AI score · 0.00502 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 9:55 a.m. · 8 views

CVE-2024-28155

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names...

4.3 CVSS · 6.3 AI score · 0.0045 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:51 a.m. · 8 views

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

4.3 CVSS · 6.5 AI score · 0.00509 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:51 a.m. · 8 views

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

8.8 CVSS · 6.7 AI score · 0.00502 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:20 p.m. · 11 views

CVE-2020-2314

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

5.5 CVSS · 6.9 AI score · 0.00324 EPSS
Exploits: 0

Prion
added 2024/03/06 5:15 p.m. · 27 views

Design/Logic Flaw

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names...

6.2 AI score · 0.0045 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/03/06 12:0 a.m. · 12 views

Jenkins AppSpider Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is an application software. A security vulnerability...

4.3 CVSS · 6.5 AI score · 0.0045 EPSS
Exploits: 0 · References: 2

OSV
added 2023/05/16 5:15 p.m. · 3 views

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

8.8 CVSS · 7.3 AI score · 0.00502 EPSS
Exploits: 0 · References: 1

NVD
added 2023/05/16 5:15 p.m. · 21 views

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

8.8 CVSS · 8.7 AI score · 0.00502 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/05/16 4:0 p.m. · 13 views

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

6.5 AI score · 0.00509 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/05/16 4:0 p.m. · 11 views

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

7 AI score · 0.00502 EPSS
Exploits: 0 · References: 1

Cvelist
added 2023/05/16 4:0 p.m. · 23 views

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

8.9 AI score · 0.00502 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/05/16 12:0 a.m. · 4 views

Jenkins AppSpider Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

8.8 CVSS · 7.8 AI score · 0.00502 EPSS
Exploits: 0 · References: 4

OSV
added 2020/11/04 3:15 p.m. · 4 views

CVE-2020-2314

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

5.5 CVSS · 5.8 AI score · 0.00324 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2020/11/04 12:0 a.m. · 5 views

PT-2020-15547 · Jenkins · Jenkins Appspider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AppSpider Plugin versions 1.0.12 and earlier. Description: The issue concerns the storage of a password in an unencrypted form in the global configuration file on the Jenkins controller. This password can be viewed by users with access...

5.5 CVSS · 5.4 AI score · 0.00324 EPSS
Exploits: 0 · References: 7