CVE-2023-32999
published 2023-05-16CVE-2023-32999: A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | ansible_plugin | — | — |
| jenkins | appspider | <= 1.0.15 | — |
| jenkins | appspider_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | cas_plugin | — | — |
| jenkins | code_dx_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | file_parameter_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | ids_in_azure_vm_agents_plugin | — | — |
| jenkins | improper_masking_of_credentials_in_hashicorp_vault_plugin | — | — |
| jenkins | job_plugin | — | — |
| jenkins | ldap_plugin | — | — |
| jenkins | loadcomplete_support_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | pipeline_utility_steps_plugin | — | — |
| jenkins | reverse_proxy_auth_plugin | — | — |
| jenkins | sidebar_link_plugin | — | — |
| jenkins | tag_profiler_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | testng_report_files_and_displayed_on_the_plugin | — | — |
| jenkins | testng_results_plugin | — | — |
| jenkins_project | jenkins_appspider_plugin | <= 1.0.15 | — |