Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
appspider vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2019-5647
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it wa...
Rapid7 Appspider
5.5
CVSSv3
CVE-2020-2314
Jenkins AppSpider Plugin 1.0.12 and previous versions stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Appspider
8.8
CVSSv3
CVE-2023-32998
A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and previous versions allows malicious users to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
Jenkins Appspider
4.3
CVSSv3
CVE-2023-32999
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
Jenkins Appspider
6.5
CVSSv3
CVE-2020-7358
In AppSpider installer versions before 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called dur...
Rapid7 Appspider
7.8
CVSSv3
CVE-2017-5233
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Appspider Pro
7.8
CVSSv3
CVE-2017-5236
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Appspider Pro
7.5
CVSSv3
CVE-2017-5240
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.
Rapid7 Appspider Pro
NA
CVE-2024-28155
Jenkins AppSpider Plugin 1.0.16 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started