cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-24434,https://securityvulnerability.io/vulnerability/CVE-2023-24434,Cross-Site Request Forgery Vulnerability in Jenkins GitHub Pull Request Builder Plugin,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the Jenkins GitHub Pull Request Builder Plugin, versions 1.42.2 and earlier. This vulnerability permits attackers to send unauthorized requests that link to an attacker-specified URL, using attacker-controlled credentials. By leveraging this exploit, an attacker can gain access to sensitive Jenkins credentials stored within the system, compromising the security of automated workflows.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24435,https://securityvulnerability.io/vulnerability/CVE-2023-24435,Missing Permission Check in Jenkins GitHub Pull Request Builder Plugin,"A missing permission check in Jenkins' GitHub Pull Request Builder Plugin allows users with Overall/Read permissions to connect to unauthorized URLs. This vulnerability can be exploited by attackers to gain access to compromised credentials by using credential IDs that they obtain through various means, exposing sensitive data stored within Jenkins.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24436,https://securityvulnerability.io/vulnerability/CVE-2023-24436,Unauthorized Credential Enumeration in Jenkins GitHub Pull Request Builder Plugin,"The Jenkins GitHub Pull Request Builder Plugin suffers from a security flaw that allows users with Overall/Read permissions to access and enumerate the IDs of stored credentials in Jenkins. This missing permission verification creates an avenue for attackers to exploit sensitive information, posing a significant risk to user security and data integrity. Keeping the plugin updated and reviewing user permissions are crucial steps to mitigate this vulnerability.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2018-1000186,https://securityvulnerability.io/vulnerability/CVE-2018-1000186,,"An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Github Pull Request Builder,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2018-06-05T20:29:00.000Z,0
CVE-2018-1000142,https://securityvulnerability.io/vulnerability/CVE-2018-1000142,,An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.,Jenkins,Github Pull Request Builder,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-04-05T13:29:00.000Z,0
CVE-2018-1000143,https://securityvulnerability.io/vulnerability/CVE-2018-1000143,,An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.,Jenkins,Github Pull Request Builder,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-04-05T13:29:00.000Z,0