cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-1000423,https://securityvulnerability.io/vulnerability/CVE-2018-1000423,,"An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.",Atlassian,Crowd2,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2019-01-09T23:00:00.000Z,0
CVE-2018-1000422,https://securityvulnerability.io/vulnerability/CVE-2018-1000422,,"An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.",Atlassian,Crowd2,6.5,MEDIUM,0.0005499999970197678,false,false,false,false,,false,false,2019-01-09T23:00:00.000Z,0