Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL.
AnalysisAI
Missing permission check in Jenkins AppSpider Plugin 1.0.17 and earlier allows any authenticated user with Overall/Read permission to force the Jenkins server to initiate connections to arbitrary attacker-specified URLs via a form validation endpoint. This constitutes a server-side request forgery (SSRF)-class primitive - an attacker can leverage this to probe internal network services, perform port scanning, or interact with internal infrastructure reachable by the Jenkins host. No public exploit has been identified at time of analysis, and CISA SSVC assessment confirms no active exploitation.
Technical ContextAI
The Jenkins AppSpider Plugin integrates Rapid7's AppSpider dynamic application security testing tool with Jenkins CI/CD pipelines. The vulnerability resides in a form validation handler - a Jenkins UI mechanism that validates configuration fields in real time via HTTP. CWE-269 (Improper Privilege Management) identifies the root cause: the validation method executes a privileged network operation (outbound HTTP connection) without verifying that the requesting user holds the necessary permissions (typically Overall/Administer or a dedicated credential permission). Because Jenkins form validation methods are accessible to any authenticated user at the Overall/Read level by default, the permission boundary is effectively bypassed. The CVSS vector AV:N/AC:L/PR:L/UI:N confirms the operation is remotely exploitable over the network with low-privilege credentials and no user interaction required. Affected versions are Jenkins AppSpider Plugin 0 through 1.0.17 inclusive, as documented by ENISA EUVD-2026-32514.
RemediationAI
The primary remediation is to upgrade the Jenkins AppSpider Plugin to a version released after 1.0.17, as the Jenkins security advisory at https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3671 documents this fix. Note: an exact fixed version number was not independently confirmed in the provided input data - consult the Jenkins Update Center or the linked advisory directly to identify the patched release before deploying. If an immediate upgrade is not possible, a compensating control is to restrict Overall/Read access to fully trusted users only, eliminating the low-privilege attacker prerequisite; this may affect other Jenkins functionality that relies on broad read access. Alternatively, network-level egress filtering on the Jenkins host can limit the usefulness of the SSRF primitive by blocking connections to internal network ranges, though this does not eliminate the underlying vulnerability and may impact legitimate AppSpider scanning workflows.
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to ex
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive j
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32514
GHSA-9wm7-8qf3-9v98