GHSA-2c5c-fhr8-pwh9, CVE-2023-32999
maven/com.rapid7/jenkinsci-appspider-plugin
Cross-Site Request Forgery (CSRF)
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
All versions up to 1.0.15
Upgrade to version 1.0.16 or above.
2023-05-17
source |