MEDIUM 4.3
GHSA-9wm7-8qf3-9v98
Jenkins AppSpider Plugin does not perform a permission check in a method implementing form validation
Details
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read permission to connect to an attacker-specified URL.
AppSpider Plugin 1.0.18 requires Overall/Administer permission to use the affected method implementing form validation.
Affected packages
Maven / com.rapid7:jenkinsci-appspider-plugin
Introduced in: 0
Fixed in: 1.0.18
Fix: in pom.xml, bump com.rapid7:jenkinsci-appspider-plugin to <version>1.0.18</version>