CVE-2024-28155
https://notcve.org/view.php?id=CVE-2024-28155
06 Mar 2024 — Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. • http://www.openwall.com/lists/oss-security/2024/03/06/3
CVE-2023-32999
https://notcve.org/view.php?id=CVE-2023-32999
16 May 2023 — A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3121 • CWE-276: Incorrect Default Permissions
CVE-2023-32998
https://notcve.org/view.php?id=CVE-2023-32998
16 May 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3121 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-2314
https://notcve.org/view.php?id=CVE-2020-2314
04 Nov 2020 — Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2058 • CWE-522: Insufficiently Protected Credentials