cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-28155,https://securityvulnerability.io/vulnerability/CVE-2024-28155,Jenkins AppSpider Plugin vulnerability allows attackers to access sensitive information,"Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.",Jenkins,Jenkins Appspider Plugin,,,0.0004299999854993075,false,false,false,false,,false,false,2024-03-06T17:01:58.080Z,0
CVE-2023-32999,https://securityvulnerability.io/vulnerability/CVE-2023-32999,,A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.,Jenkins,Jenkins AppSpider Plugin,4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2023-05-16T17:15:00.000Z,0
CVE-2023-32998,https://securityvulnerability.io/vulnerability/CVE-2023-32998,Cross-Site Request Forgery in Jenkins AppSpider Plugin,"A cross-site request forgery (CSRF) vulnerability in the Jenkins AppSpider Plugin allows attackers to manipulate user sessions. Specifically, the flaw enables threat actors to connect to a configured malicious URL and send crafted HTTP POST requests that might include unauthorized JSON payloads with credentials specified by the attacker. This vulnerability can lead to unauthorized access and actions being taken on behalf of vulnerable users, potentially compromising the security of Jenkins environments.",Jenkins,Jenkins AppSpider Plugin,8.8,HIGH,0.001069999998435378,false,false,false,false,,false,false,2023-05-16T17:15:00.000Z,0
CVE-2020-2314,https://securityvulnerability.io/vulnerability/CVE-2020-2314,,Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.,Jenkins,Jenkins Appspider Plugin,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2020-11-04T14:35:43.000Z,0