Описание
Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability
A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
Пакеты
Наименование
com.rapid7:jenkinsci-appspider-plugin
maven
Затронутые версииВерсия исправления
<= 1.0.15
1.0.16
Связанные уязвимости
CVSS3: 8.8
nvd
больше 2 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.