Vulnerabilities > Jenkins > Appspider
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-32998 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Appspider A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | 8.8 |
| 2023-05-16 | CVE-2023-32999 | Incorrect Default Permissions vulnerability in Jenkins Appspider A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | 4.3 |
| 2020-11-04 | CVE-2020-2314 | Insufficiently Protected Credentials vulnerability in Jenkins Appspider Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 |