cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-24458,https://securityvulnerability.io/vulnerability/CVE-2023-24458,CSRF Vulnerability in Jenkins BearyChat Plugin by Jenkins,"The Jenkins BearyChat Plugin suffers from a Cross-Site Request Forgery (CSRF) vulnerability, allowing attackers to execute malicious requests by connecting to a user-specified URL without their consent. This issue affects versions 3.0.2 and earlier, highlighting the importance of ensuring that users are aware of their session management practices and the potential risks associated with such vulnerabilities.",Jenkins,Jenkins BearyChat Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24459,https://securityvulnerability.io/vulnerability/CVE-2023-24459,Missing Permission Check in Jenkins BearyChat Plugin by Jenkins,"The Jenkins BearyChat Plugin prior to version 3.0.3 exhibits a significant security flaw due to a missing permission check. This vulnerability allows attackers with Overall/Read permissions to connect to arbitrary URLs specified by the attacker, potentially leading to unauthorized access and data exfiltration. It is crucial for Jenkins users to update to the latest version to mitigate this risk effectively.",Jenkins,Jenkins BearyChat Plugin,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0