CVE-2026-48923
Received Received - Intake
BaseFortify

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: Jenkins Project

Description
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-05-27
AI Q&A
2026-05-27
EPSS Evaluated
N/A
NVD
CVE-2026-48923
EUVD
EUVD-2026-32514
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jenkinsci appspider_plugin to 1.0.18 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The Jenkins AppSpider Plugin version 1.0.17 and earlier contains a vulnerability where it does not perform a permission check in a method that implements form validation. This flaw allows attackers who have Overall/Read permission to connect to a URL specified by the attacker.


How can this vulnerability impact me? :

This vulnerability could allow an attacker with limited permissions (Overall/Read) to make the Jenkins server connect to an attacker-controlled URL. This could potentially be used to perform unauthorized actions such as information disclosure, triggering unwanted network connections, or facilitating further attacks.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart