Product
jenkins appspider
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-48923 (< 1.0.18)
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing
CVE-2024-28155 (< 1.0.17)
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with
CVE-2023-32999 (<= 1.0.15)
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect
CVE-2023-32998 (<= 1.0.15)
A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an
CVE-2020-2314 (<= 1.0.12)
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controll
CVE-2020-7358 (< 7.2.126)
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropria
CVE-2019-5647 (<= 3.8.213)
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart