CVE-2026-48923
Published 2026-05-27
Severity: Medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory | — | — |
| jenkins | active_directory_plugin | — | — |
| jenkins | appspider | < 1.0.18 | 1.0.18 |
| jenkins | appspider | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | bitbucket_oauth | — | — |
| jenkins | bitbucket_oauth_plugin | — | — |
| jenkins | credentials_binding | — | — |
| jenkins | credentials_binding_plugin | — | — |
| jenkins | email_extension | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | github_integration | — | — |
| jenkins | github_integration_plugin | — | — |
| jenkins | groovy_libraries | — | — |
| jenkins | groovy_libraries_plugin | — | — |
| jenkins | job_import | — | — |
| jenkins | job_import_plugin | — | — |
| jenkins | ldap | — | — |
| jenkins | ldap_plugin | — | — |
| jenkins | ldap_referrals_in_active_directory | — | — |
| jenkins | ldap_referrals_in_active_directory_plugin | — | — |
| jenkins | multijob | — | — |
| jenkins | multijob_plugin | — | — |
| jenkins_project | jenkins_appspider_plugin | <= 1.0.17 | — |