CVE-2023-32999

Cross-Site Request Forgery (CSRF) in maven/com.rapid7/jenkinsci-appspider-plugin

Identifiers

GHSA-2c5c-fhr8-pwh9, CVE-2023-32999

Package Slug

maven/com.rapid7/jenkinsci-appspider-plugin

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

Affected Versions

All versions up to 1.0.15

Solution

Upgrade to version 1.0.16 or above.

Last Modified

2023-05-17

source