cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37962,https://securityvulnerability.io/vulnerability/CVE-2023-37962,Cross-Site Request Forgery in Jenkins Benchmark Evaluator Plugin,"A CSRF vulnerability in the Jenkins Benchmark Evaluator Plugin allows attackers to perform unauthorized actions by sending crafted requests. This flaw enables them to connect to arbitrary URLs and to verify the existence of directories and specific file types, such as `.csv` and `.ycsb`, within the Jenkins controller's file system. By exploiting this vulnerability, an attacker could potentially expose sensitive information and compromise the integrity of the Jenkins environment.",Jenkins,Jenkins Benchmark Evaluator Plugin,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2023-07-12T16:15:00.000Z,0
CVE-2023-37963,https://securityvulnerability.io/vulnerability/CVE-2023-37963,Missing Permission Check in Jenkins Benchmark Evaluator Plugin,"The Jenkins Benchmark Evaluator Plugin before version 1.0.1 is susceptible to a missing permission check, allowing users with Overall/Read permissions to interact with user-defined URLs. This flaw enables attackers to probe the Jenkins controller's file system for specific directory structures and file types, specifically targeting '.csv' and '.ycsb' files. Exploitation of this vulnerability could lead to unauthorized information disclosure, posing significant risks to the integrity of the Jenkins environment.",Jenkins,Jenkins Benchmark Evaluator Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-07-12T16:15:00.000Z,0