Jenkins

Appspider

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.19%
  • Veröffentlicht 27.05.2026 15:16:31
  • Zuletzt bearbeitet 28.05.2026 17:01:11

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL.

  • EPSS 0.45%
  • Veröffentlicht 06.03.2024 17:15:10
  • Zuletzt bearbeitet 29.03.2025 00:15:20

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.

  • EPSS 0.5%
  • Veröffentlicht 16.05.2023 17:15:12
  • Zuletzt bearbeitet 23.01.2025 16:15:30

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

  • EPSS 0.51%
  • Veröffentlicht 16.05.2023 17:15:12
  • Zuletzt bearbeitet 23.01.2025 16:15:30

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credent...

  • EPSS 0.32%
  • Veröffentlicht 04.11.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:25:17

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.