CVE-2024-28155
- EPSS 0.05%
- Published 06.03.2024 17:15:10
- Last modified 29.03.2025 00:15:20
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
CVE-2023-32998
- EPSS 0.35%
- Published 16.05.2023 17:15:12
- Last modified 23.01.2025 16:15:30
A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
CVE-2023-32999
- EPSS 0.13%
- Published 16.05.2023 17:15:12
- Last modified 23.01.2025 16:15:30
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credent...
CVE-2020-2314
- EPSS 0.01%
- Published 04.11.2020 15:15:12
- Last modified 21.11.2024 05:25:17
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.