CVE-2023-32998: A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

Affected

24 ranges

Vendor	Product	Version range	Fixed in
jenkins	ansible_plugin	—	—
jenkins	appspider	<= 1.0.15	—
jenkins	appspider_plugin	—	—
jenkins	azure_vm_agents_plugin	—	—
jenkins	cas_plugin	—	—
jenkins	code_dx_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	email_extension_plugin	—	—
jenkins	file_parameter_plugin	—	—
jenkins	hashicorp_vault_plugin	—	—
jenkins	ids_in_azure_vm_agents_plugin	—	—
jenkins	improper_masking_of_credentials_in_hashicorp_vault_plugin	—	—
jenkins	job_plugin	—	—
jenkins	ldap_plugin	—	—
jenkins	loadcomplete_support_plugin	—	—
jenkins	ns-nd_integration_performance_publisher_plugin	—	—
jenkins	pipeline_utility_steps_plugin	—	—
jenkins	reverse_proxy_auth_plugin	—	—
jenkins	sidebar_link_plugin	—	—
jenkins	tag_profiler_plugin	—	—
jenkins	testcomplete_support_plugin	—	—
jenkins	testng_report_files_and_displayed_on_the_plugin	—	—
jenkins	testng_results_plugin	—	—
jenkins_project	jenkins_appspider_plugin	<= 1.0.15	—