{
  "id": "CVE-2024-28155",
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "published": "2024-03-06T17:15:10.787",
  "lastModified": "2024-03-06T21:42:54.697",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names."
    },
    {
      "lang": "es",
      "value": "El complemento Jenkins AppSpider 1.0.16 y versiones anteriores no realiza comprobaciones de permisos en varios endpoints HTTP, lo que permite a los atacantes con permiso general/lectura obtener informaci\u00f3n sobre los nombres de configuraciones de escaneo disponibles, nombres de grupos de motores y nombres de clientes."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3144",
      "source": "jenkinsci-cert@googlegroups.com"
    }
  ]
}