CVE-2024-28155 Information

Mar 07, 2024 cve

Description

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints allowing attackers with Overall/Read permission to obtain information about available scan config names engine group names and client names.

Reference

https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3144

Share on: