6 matches found
CVE-2023-32999
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...
CVE-2023-32999
creationtimestamp| type| source ---|---|--- 2023-05-16 20:30:47+00:00| seen| https://t.me/cibsecurity/64233 2025-01-23 16:02:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2750...
CVE-2023-32999
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...
CVE-2023-32999
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...
CVE-2023-32999
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...
CVE-2023-32999
Summary (CVE-2023-32999) : Jenkins AppSpider Plugin 1.0.15 and earlier contains a missing permission check in a form validation path. This allows users with Overall/Read permission to reach an attacker-controlled URL and issue an HTTP POST with a JSON payload containing attacker-supplied credenti...