cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43435,https://securityvulnerability.io/vulnerability/CVE-2022-43435,Content-Security-Policy Bypass in Jenkins FireLine Plugin by CloudBees,"The Jenkins FireLine Plugin prior to version 1.7.2 contains a vulnerability that allows for the disabling of Content-Security-Policy protection. This weakens security for user-generated content in various contexts, including workspaces and archived artifacts, which may pose a risk as it potentially exposes systems to cross-site scripting (XSS) attacks or other client-side injection vulnerabilities. Users are strongly encouraged to update to the latest version to mitigate this security risk.",Jenkins,Jenkins 360 Fireline Plugin,5.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2019-10466,https://securityvulnerability.io/vulnerability/CVE-2019-10466,,"An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.",Jenkins,Jenkins 360 Fireline Plugin,8.1,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2019-10-23T12:45:41.000Z,0