jenkins appspider vulnerabilities and exploits
CVE-2020-2314 (CVSSv3 5.5)
Jenkins AppSpider Plugin 1.0.12 and previous versions stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Appspider
CVE-2023-32999 (CVSSv3 4.3)
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
Jenkins Appspider
CVE-2023-32998 (CVSSv3 8.8)
A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and previous versions allows malicious users to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
Jenkins Appspider
CVE-2024-28155 (score NA)
Jenkins AppSpider Plugin 1.0.16 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.