PT-2026-55115 · Maven · Com.Rapid7:Jenkinsci-Appspider-Plugin

Published

2026-05-27

·

Updated

2026-05-27

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read permission to connect to an attacker-specified URL.
AppSpider Plugin 1.0.18 requires Overall/Administer permission to use the affected method implementing form validation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

GHSA-9WM7-8QF3-9V98

Affected Products

Com.Rapid7:Jenkinsci-Appspider-Plugin