cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-41945,https://securityvulnerability.io/vulnerability/CVE-2023-41945,Authorization Misconfiguration in Jenkins Assembla Auth Plugin by Jenkins,"The Jenkins Assembla Auth Plugin versions up to 1.14 exhibit a serious flaw where the system does not adequately verify permissions granted to users. As a result, users who should only have EDIT permissions can unintentionally acquire Overall/Manage and Overall/SystemRead permissions. This oversight can lead to unauthorized access and control over Jenkins configurations, posing significant security risks to the application and its data integrity.",Jenkins,Jenkins Assembla Auth Plugin,8.8,HIGH,0.0007800000021234155,false,false,false,false,,false,false,2023-09-06T13:15:00.000Z,0
CVE-2023-37961,https://securityvulnerability.io/vulnerability/CVE-2023-37961,Cross-Site Request Forgery Vulnerability in Jenkins Assembla Auth Plugin,"A cross-site request forgery vulnerability has been identified in the Assembla Auth Plugin for Jenkins, affecting versions 1.14 and earlier. This issue enables attackers to potentially deceive users into executing unintended actions, which could lead to unauthorized login to the attacker's account. With this vulnerability, the integrity of user sessions is compromised, making it a significant security concern for Jenkins users relying on this plugin.",Jenkins,Jenkins Assembla Auth Plugin,8.8,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2023-07-12T16:15:00.000Z,0
CVE-2019-10280,https://securityvulnerability.io/vulnerability/CVE-2019-10280,,Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,Jenkins,Jenkins Assembla Auth Plugin,8.8,HIGH,0.0031799999997019768,false,false,false,false,,false,false,2019-04-04T15:38:49.000Z,0