Primary

Context

Jenkins AppSpider Plugin Missing Permission Check Vulnerability

Vulnerability

Patched

A vulnerability exists in the Jenkins AppSpider Plugin in versions through 1.0.17, where the plugin fails to implement proper permission checks in a method that handles form validation. This oversight allows attackers with Overall/Read permission to connect to a URL of their choice.

Impact

Exploitation of this vulnerability could lead to unauthorized access or actions being performed on behalf of the user with Overall/Read permission.

Remediation

Users of the Jenkins AppSpider Plugin should update to version 1.0.18, which addresses this vulnerability by requiring Overall/Administer permission to use the affected form validation method.

Added: May 27, 2026, 4:12 PM

Updated: May 27, 2026, 4:12 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.7

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.7

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jenkins AppSpider Plugin Missing Permission Check Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Jenkins AppSpider Plugin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating