cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-32982,https://securityvulnerability.io/vulnerability/CVE-2023-32982,Unencrypted Variable Storage Vulnerability in Jenkins Ansible Plugin by Jenkins,"The Jenkins Ansible Plugin prior to version 204.v8191fd551eb_f exhibits a vulnerability where extra variables are stored in unencrypted form within job config.xml files on the Jenkins controller. This creates a security risk as these files may be accessed by users possessing Item/Extended Read permission or direct access to the Jenkins controller file system, enabling unauthorized access to sensitive configuration data.",Jenkins,Jenkins Ansible Plugin,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-05-16T16:15:00.000Z,0
CVE-2023-32983,https://securityvulnerability.io/vulnerability/CVE-2023-32983,Insecure Configuration Exposure in Jenkins Ansible Plugin,"The Jenkins Ansible Plugin fails to adequately mask sensitive extra variables in its configuration form, potentially allowing unauthorized users to view and capture this information. This vulnerability poses a significant risk as attackers could exploit the exposed variables, leading to further breaches or malicious actions within the Jenkins environment. For more detailed information, refer to the Jenkins Security Advisory issued on May 16, 2023.",Jenkins,Jenkins Ansible Plugin,5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-05-16T16:15:00.000Z,0
CVE-2020-2310,https://securityvulnerability.io/vulnerability/CVE-2020-2310,,Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.,Jenkins,Jenkins Ansible Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-11-04T14:35:41.000Z,0
CVE-2019-10310,https://securityvulnerability.io/vulnerability/CVE-2019-10310,,"A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins",Jenkins,Jenkins Ansible Tower Plugin,8.8,HIGH,0.002839999971911311,false,,false,false,false,,,false,false,,2019-04-30T12:25:17.000Z,0
CVE-2019-10311,https://securityvulnerability.io/vulnerability/CVE-2019-10311,,"A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Ansible Tower Plugin,8.8,HIGH,0.0031799999997019768,false,,false,false,false,,,false,false,,2019-04-30T12:25:17.000Z,0
CVE-2019-10312,https://securityvulnerability.io/vulnerability/CVE-2019-10312,,A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.,Jenkins,Jenkins Ansible Tower Plugin,4.3,MEDIUM,0.0012499999720603228,false,,false,false,false,,,false,false,,2019-04-30T12:25:17.000Z,0