CVE-2026-48923
EUVD-2026-3251427.05.2026, 15:16
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| jenkins | appspider | 𝑥 < 1.0.18 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration