MEDIUM 4.3

GHSA-9wm7-8qf3-9v98

Jenkins AppSpider Plugin does not perform a permission check in a method implementing form validation

Details

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL.

AppSpider Plugin 1.0.18 requires Overall/Administer permission to use the affected method implementing form validation.
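The pattern described above, as an added example that is not the AppSpider Plugin's own code: a Jenkins form-validation method that connects to a submitted URL, first without and then with the Overall/Administer check. The class, method and parameter names are hypothetical, and the connection test is constructed for illustration.

```java
import hudson.util.FormValidation;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical names throughout; in a real plugin these methods sit on a Descriptor.
public class ExampleFormValidation {

    // Before: Stapler exposes public doXxx methods over HTTP, so any user
    // holding Overall/Read can make the controller open a connection to
    // whatever URL they submit.
    public static class Unchecked {
        public FormValidation doValidateServerUrl(@QueryParameter String serverUrl) {
            return probe(serverUrl);
        }
    }

    // After: the permission check runs before any network activity.
    // checkPermission throws an access-denied exception for callers
    // without Overall/Administer, so probe() is never reached for them.
    public static class Checked {
        public FormValidation doValidateServerUrl(@QueryParameter String serverUrl) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return probe(serverUrl);
        }
    }

    // Shared connection test (constructed for this example).
    private static FormValidation probe(String serverUrl) {
        try {
            HttpURLConnection conn =
                    (HttpURLConnection) new URL(serverUrl).openConnection();
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            int status = conn.getResponseCode();
            conn.disconnect();
            return status < 400
                    ? FormValidation.ok("Connected")
                    : FormValidation.error("HTTP " + status);
        } catch (IOException | ClassCastException e) {
            // Malformed URL, unreachable host, or a non-HTTP scheme.
            return FormValidation.error("Connection failed: " + e.getMessage());
        }
    }
}
```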


Affected packages

Maven / com.rapid7:jenkinsci-appspider-plugin
Introduced in: 0
Fixed in: 1.0.18
Fix: in pom.xml, bump com.rapid7:jenkinsci-appspider-plugin to <version>1.0.18</version>

References