cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-46650,https://securityvulnerability.io/vulnerability/CVE-2023-46650,Stored Cross-Site Scripting Vulnerability in Jenkins GitHub Plugin,"Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL when rendering it on the build page. An attacker with Item/Configure permission can store a project URL containing script, which then executes in the browser of every user who views that build page (stored XSS), exposing what that user can see in Jenkins and their session. Review who holds Item/Configure and upgrade to a fixed release.",Jenkins,Jenkins GitHub Plugin,5.4,MEDIUM,0.00049,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-24442,https://securityvulnerability.io/vulnerability/CVE-2023-24442,Sensitive Credential Exposure in Jenkins GitHub Pull Request Coverage Status Plugin,"Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores GitHub Personal Access Tokens, Sonar access tokens and Sonar passwords unencrypted in its global configuration file on the Jenkins controller. Anyone with access to the controller file system can read these secrets, which grant access to the GitHub repositories and Sonar instances the plugin is configured for.",Jenkins,Jenkins GitHub Pull Request Coverage Status Plugin,5.5,MEDIUM,0.00044,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24436,https://securityvulnerability.io/vulnerability/CVE-2023-24436,Unauthorized Credential Enumeration in Jenkins GitHub Pull Request Builder Plugin,"Jenkins GitHub Pull Request Builder Plugin does not perform a permission check in a form-related method, allowing attackers with Overall/Read permission to enumerate the IDs of credentials stored in Jenkins. Credential IDs are not secret by themselves, but they are the input an attacker needs for the credential-capture issues in the same plugin (CVE-2023-24435 and CVE-2023-24434). Keep the plugin updated and review who holds Overall/Read.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,4.3,MEDIUM,0.00054,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24435,https://securityvulnerability.io/vulnerability/CVE-2023-24435,Missing Permission Check in Jenkins GitHub Pull Request Builder Plugin,"A missing permission check in Jenkins GitHub Pull Request Builder Plugin allows attackers with Overall/Read permission to make Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method (for example CVE-2023-24436). Jenkins authenticates to that URL with the selected credentials, so the attacker's server captures them.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,6.5,MEDIUM,0.00065,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24434,https://securityvulnerability.io/vulnerability/CVE-2023-24434,Cross-Site Request Forgery Vulnerability in Jenkins GitHub Pull Request Builder Plugin,"A cross-site request forgery vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to make Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Because the request is triggered from the browser of a logged-in Jenkins user, the attacker needs no Jenkins account of their own.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,8.8,HIGH,0.00075,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2022-36885,https://securityvulnerability.io/vulnerability/CVE-2022-36885,Non-Constant-Time Webhook Signature Comparison in Jenkins GitHub Plugin,"Jenkins GitHub Plugin 1.34.4 and earlier compares webhook signatures using a non-constant-time comparison. The time taken to reject a signature depends on how many leading bytes match, so an attacker who can submit many webhook requests and measure response times can use statistical methods to obtain a valid signature and have Jenkins accept a forged webhook payload. Upgrade to a release that compares signatures in constant time.",Jenkins,Jenkins Github Plugin,5.3,MEDIUM,0.00061,false,,false,false,false,,,false,false,,2022-07-27T14:21:38.000Z,0
CVE-2020-2212,https://securityvulnerability.io/vulnerability/CVE-2020-2212,,"Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system or read permissions on the system configuration.",Jenkins,Jenkins Github Coverage Reporter Plugin,4.3,MEDIUM,0.00051,false,,false,false,false,,,false,false,,2020-07-02T14:55:37.000Z,0
CVE-2020-2118,https://securityvulnerability.io/vulnerability/CVE-2020-2118,,"A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allows users with Overall/Read access to enumerate the IDs of credentials stored in Jenkins.",Jenkins,Jenkins Pipeline Github Notify Step Plugin,4.3,MEDIUM,0.0005,false,,false,false,false,,,false,false,,2020-02-12T14:35:44.000Z,0
CVE-2020-2117,https://securityvulnerability.io/vulnerability/CVE-2020-2117,,"A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Pipeline Github Notify Step Plugin,4.3,MEDIUM,0.0005,false,,false,false,false,,,false,false,,2020-02-12T14:35:43.000Z,0
CVE-2020-2116,https://securityvulnerability.io/vulnerability/CVE-2020-2116,,"A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Pipeline Github Notify Step Plugin,8.8,HIGH,0.00088,false,,false,false,false,,,false,false,,2020-02-12T14:35:43.000Z,0
CVE-2019-10315,https://securityvulnerability.io/vulnerability/CVE-2019-10315,,"Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the OAuth state parameter, so the login callback was not bound to the browser session that started the flow and could be completed by a cross-site request forgery.",Jenkins,Jenkins Github Authentication Plugin,8.8,HIGH,0.00319,false,,false,false,false,,,false,false,,2019-04-30T12:25:17.000Z,0
CVE-2019-1003019,https://securityvulnerability.io/vulnerability/CVE-2019-1003019,,"A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control that user's pre-authentication session.",Jenkins,Jenkins Github Authentication Plugin,5.9,MEDIUM,0.00085,false,,false,false,false,,,false,false,,2019-02-06T16:29:00.000Z,0
CVE-2019-1003018,https://securityvulnerability.io/vulnerability/CVE-2019-1003018,,"An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or to control the browser (e.g. via a malicious extension), to retrieve the configured OAuth client secret.",Jenkins,Jenkins Github Authentication Plugin,4.3,MEDIUM,0.00079,false,,false,false,false,,,false,false,,2019-02-06T16:29:00.000Z,0
CVE-2018-1000600,https://securityvulnerability.io/vulnerability/CVE-2018-1000600,,"An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Github,8.8,HIGH,0.95625,false,,false,false,false,,,false,false,,2018-06-26T17:29:00.000Z,0
CVE-2018-1000183,https://securityvulnerability.io/vulnerability/CVE-2018-1000183,,"An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Github,6.5,MEDIUM,0.00065,false,,false,false,false,,,false,false,,2018-06-05T20:29:00.000Z,0
CVE-2018-1000185,https://securityvulnerability.io/vulnerability/CVE-2018-1000185,,"A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.",Jenkins,Github Branch Source,4.3,MEDIUM,0.00054,false,,false,false,false,,,false,false,,2018-06-05T20:29:00.000Z,0
CVE-2018-1000184,https://securityvulnerability.io/vulnerability/CVE-2018-1000184,,"A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.",Jenkins,Github,5.4,MEDIUM,0.00054,false,,false,false,false,,,false,false,,2018-06-05T20:29:00.000Z,0
CVE-2018-1000186,https://securityvulnerability.io/vulnerability/CVE-2018-1000186,,"An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Github Pull Request Builder,6.5,MEDIUM,0.00065,false,,false,false,false,,,false,false,,2018-06-05T20:29:00.000Z,0
CVE-2018-1000142,https://securityvulnerability.io/vulnerability/CVE-2018-1000142,,"An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.",Jenkins,Github Pull Request Builder,7.8,HIGH,0.00042,false,,false,false,false,,,false,false,,2018-04-05T13:29:00.000Z,0
CVE-2018-1000143,https://securityvulnerability.io/vulnerability/CVE-2018-1000143,,"An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.",Jenkins,Github Pull Request Builder,6.7,MEDIUM,0.00042,false,,false,false,false,,,false,false,,2018-04-05T13:29:00.000Z,0
CVE-2017-1000091,https://securityvulnerability.io/vulnerability/CVE-2017-1000091,,"GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify that Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to make it connect to any web server and send the credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests, so the same attack could be performed without direct access to Jenkins via cross-site request forgery.",Jenkins,Github Branch Source,6.3,MEDIUM,0.0005,false,,false,false,false,,,false,false,,2017-10-05T01:29:00.000Z,0
CVE-2017-1000087,https://securityvulnerability.io/vulnerability/CVE-2017-1000087,,"GitHub Branch Source Plugin provides a list of applicable credential IDs so that users configuring a job can select the one they want to use. This functionality did not check permissions, allowing any user with Overall/Read permission to obtain a list of valid credentials IDs. Those IDs could then be used as part of an attack to capture the credentials through another vulnerability.",Jenkins,Github Branch Source,4.3,MEDIUM,0.00076,false,,false,false,false,,,false,false,,2017-10-05T01:29:00.000Z,0
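
Most records in this list (CVE-2023-24434, CVE-2023-24435, CVE-2023-24436, CVE-2020-2116, CVE-2020-2117, CVE-2020-2118, CVE-2018-1000600, CVE-2018-1000183, CVE-2018-1000186, CVE-2017-1000091 and CVE-2017-1000087) are the same Jenkins anti-pattern: a Stapler form-validation method that resolves a credential by its ID and connects to a caller-supplied URL, reachable by GET, without checking that the caller may configure the item. The class below is an added example written for this page, not code from any of the listed plugins; the package, class and display name are hypothetical. It places the vulnerable method next to the version that follows the Jenkins form-validation guidance (`@RequirePOST`, `Item.CONFIGURE` or `Jenkins.ADMINISTER` checks, and a credentials dropdown that lists IDs only to users allowed to configure the item). It uses Jenkins core and Credentials plugin APIs and compiles inside a plugin project, not stand-alone.

```java
package io.example.jenkins; // hypothetical package; not a published plugin

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;

/** Hypothetical build step; only its descriptor matters for this example. */
public class ExampleGitHubStep extends Builder {

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) { return true; }

        @Override
        public String getDisplayName() { return "Example GitHub step"; }

        // VULNERABLE pattern: Stapler exposes this under descriptorByName/.../testConnectionUnsafe to
        // anyone with Overall/Read, by GET. No permission check and no POST requirement, so a browsing
        // user, or a CSRF page loaded in that user's browser, makes Jenkins send the credential with
        // any ID to any apiUrl the caller chooses.
        public FormValidation doTestConnectionUnsafe(@QueryParameter String apiUrl,
                                                     @QueryParameter String credentialsId) throws Exception {
            StandardUsernamePasswordCredentials c = resolve(credentialsId, null);
            return c == null ? FormValidation.error("Unknown credentials") : probe(apiUrl, c);
        }

        // FIXED: POST only (the CSRF crumb is enforced on POST) and the caller must be allowed to
        // configure the item whose form is being validated, or be an administrator on the global page.
        @RequirePOST
        public FormValidation doTestConnection(@AncestorInPath Item item,
                                               @QueryParameter String apiUrl,
                                               @QueryParameter String credentialsId) throws Exception {
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                item.checkPermission(Item.CONFIGURE);
            }
            StandardUsernamePasswordCredentials c = resolve(credentialsId, item);
            return c == null ? FormValidation.error("Unknown credentials") : probe(apiUrl, c);
        }

        // FIXED: list credential IDs only to users who may configure the item; everyone else gets
        // back only the value already saved in the form, so IDs cannot be enumerated.
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item,
                                                     @QueryParameter String apiUrl,
                                                     @QueryParameter String credentialsId) {
            StandardListBoxModel result = new StandardListBoxModel();
            if (item == null) {
                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                    return result.includeCurrentValue(credentialsId);
                }
            } else if (!item.hasPermission(Item.EXTENDED_READ)
                    && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return result.includeCurrentValue(credentialsId);
            }
            return result.includeEmptyValue()
                    .includeMatchingAs(ACL.SYSTEM, item, StandardUsernamePasswordCredentials.class,
                            URIRequirementBuilder.fromUri(apiUrl).build(), CredentialsMatchers.always())
                    .includeCurrentValue(credentialsId);
        }

        // ACL.SYSTEM (Acegi) is deprecated on current cores in favour of ACL.SYSTEM2; it is used here
        // because this lookupCredentials overload exists on every Credentials plugin release.
        private static StandardUsernamePasswordCredentials resolve(String credentialsId, Item item) {
            return CredentialsMatchers.firstOrNull(
                    CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
                            item, ACL.SYSTEM, Collections.emptyList()),
                    CredentialsMatchers.withId(credentialsId));
        }

        // The secret leaves Jenkins here, which is why the caller has to be authorized first.
        private static FormValidation probe(String apiUrl, StandardUsernamePasswordCredentials c) throws Exception {
            String basic = Base64.getEncoder().encodeToString(
                    (c.getUsername() + ":" + c.getPassword().getPlainText()).getBytes(StandardCharsets.UTF_8));
            HttpURLConnection conn = (HttpURLConnection) new URL(apiUrl).openConnection();
            conn.setRequestProperty("Authorization", "Basic " + basic);
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            int status = conn.getResponseCode();
            return status == 200 ? FormValidation.ok("Connected") : FormValidation.warning("HTTP " + status);
        }
    }
}
```

The two halves of the fix address two different records in the list: `@RequirePOST` closes the CSRF variant (CVE-2023-24434, CVE-2020-2116, CVE-2017-1000091), while the `checkPermission` call closes the direct variant that any Overall/Read user could invoke (CVE-2023-24435, CVE-2020-2117, CVE-2018-1000183 and the rest). Neither one alone is sufficient. The permission-gated `doFillCredentialsIdItems` removes the enumeration step (CVE-2023-24436, CVE-2020-2118, CVE-2017-1000087) that supplies the IDs for the capture.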
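
CVE-2022-36885 is a timing side channel in the webhook signature check rather than a permission bug. GitHub signs each delivery with an HMAC over the raw request body and sends it as `X-Hub-Signature-256: sha256=<hex>` (and, for older integrations, the HMAC-SHA1 `X-Hub-Signature`). The class below is an added example for this page and is not the GitHub Plugin's code; the secret and payload are constructed sample values. It shows the early-exit comparison that leaks the matching prefix length next to a constant-time one, together with the header checks a receiver should perform before comparing.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;

/** Verifying a GitHub-style webhook signature header; example code, not plugin code. */
public final class WebhookSignature {

    private static final String HEX = "0123456789abcdef";
    private static final String PREFIX = "sha256=";

    /** HMAC-SHA256 over the raw body, lower-case hex, as GitHub computes it. */
    static String hmacSha256Hex(byte[] secret, byte[] body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] out = mac.doFinal(body);
        StringBuilder sb = new StringBuilder(out.length * 2);
        for (byte b : out) {
            sb.append(HEX.charAt((b >> 4) & 0xF)).append(HEX.charAt(b & 0xF));
        }
        return sb.toString();
    }

    // VULNERABLE: String.equals returns at the first differing character, so the time to reject a
    // guess grows with the length of the correct prefix. With many requests and statistics over the
    // response times an attacker recovers the hex digits one position at a time (CVE-2022-36885 pattern).
    static boolean verifyLeaky(byte[] secret, byte[] body, String header) throws Exception {
        return header != null && header.equals(PREFIX + hmacSha256Hex(secret, body));
    }

    // FIXED: recompute the MAC over the body and compare with MessageDigest.isEqual, which (since
    // Java 6u17) runs in time independent of where the inputs differ. Only the length is checked
    // early, which is harmless here because a valid hex HMAC always has the same length.
    static boolean verify(byte[] secret, byte[] body, String header) throws Exception {
        if (header == null || !header.startsWith(PREFIX)) {
            return false; // missing header or wrong algorithm prefix: never fall back to "unsigned"
        }
        byte[] expected = hmacSha256Hex(secret, body).getBytes(StandardCharsets.US_ASCII);
        byte[] presented = header.substring(PREFIX.length())
                .toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real receiver uses the shared secret configured on the GitHub hook
        // and the raw bytes of the HTTP request body, not a re-serialized JSON object.
        byte[] secret = "constructed-webhook-secret".getBytes(StandardCharsets.UTF_8);
        byte[] body = "{\"ref\":\"refs/heads/main\",\"repository\":{\"full_name\":\"example/repo\"}}"
                .getBytes(StandardCharsets.UTF_8);

        String good = PREFIX + hmacSha256Hex(secret, body);
        String bad = good.substring(0, good.length() - 1) + (good.endsWith("0") ? "1" : "0");

        System.out.println("valid header:      " + verify(secret, body, good));
        System.out.println("one digit wrong:   " + verify(secret, body, bad));
        System.out.println("wrong algorithm:   " + verify(secret, body, "sha1=deadbeef"));
        System.out.println("no header:         " + verify(secret, body, null));
        System.out.println("leaky, tampered:   " + verifyLeaky(secret, body + "", bad));
    }
}
```

Two details matter beyond the comparison itself: the MAC must be computed over the raw request bytes exactly as received, and a request without the header (or with an unexpected algorithm prefix) must be rejected rather than treated as unauthenticated-but-acceptable, otherwise the signature check can simply be bypassed by omitting it.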