This page lists publicly disclosed CVE vulnerabilities affecting jenkins appspider (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-48923 | Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL. | [email protected] | 4.3 | 0.19% | 2026-05-27 | 2026-06-17 |
| CVE-2024-28155 | Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. | [email protected] | 4.3 | 0.45% | 2024-03-06 | 2026-06-17 |
| CVE-2023-32999 | A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | [email protected] | 4.3 | 0.51% | 2023-05-16 | 2026-06-17 |
| CVE-2023-32998 | A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | [email protected] | 8.8 | 0.50% | 2023-05-16 | 2026-06-17 |
| CVE-2020-2314 | Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | [email protected] | 5.5 | 0.32% | 2020-11-04 | 2026-06-16 |