CVE-2023-32998

GHSA-vgfw-766v-7q82, CVE-2023-32998

maven/com.rapid7/jenkinsci-appspider-plugin

Cross-Site Request Forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

All versions up to 1.0.15

Upgrade to version 1.0.16 or above.

2023-05-17