Appspider@* Security Vulnerabilities and Issues — Appspider@* CVE List

Lucene search

JenkinsAppspider*

4 matches found

CVE•added 2024/03/06 5:15 p.m.•62 views

CVE-2024-28155

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.

4.3CVSS6.1AI score0.00038EPSS

CVE•added 2020/11/04 3:15 p.m.•51 views

CVE-2020-2314

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

5.5CVSS5.4AI score0.00011EPSS

CVE•added 2023/05/16 5:15 p.m.•39 views

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

8.8CVSS8.6AI score0.00348EPSS

CVE•added 2023/05/16 5:15 p.m.•39 views

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

4.3CVSS4.4AI score0.00133EPSS