Description
Jenkins AppSpider Plugin missing permission checks
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
Packages
Name: com.rapid7:jenkinsci-appspider-plugin (maven)
Affected versions: < 1.0.17
Fixed version: 1.0.17
Related vulnerabilities
CVSS3: 4.3
nvd
more than 1 year ago
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.