cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40341,https://securityvulnerability.io/vulnerability/CVE-2023-40341,Cross-Site Request Forgery Vulnerability in Jenkins Blue Ocean Plugin by Jenkins,"A cross-site request forgery (CSRF) issue in the Jenkins Blue Ocean Plugin versions up to 1.27.5 enables attackers to exploit the plugin's functionality. By tricking users into making a request to an attacker-specified URL, this vulnerability can lead to unauthorized access to sensitive GitHub credentials associated with specific jobs in Jenkins. This poses significant risks for users who may inadvertently expose their credentials, allowing for potential misuse of access to repositories.",Jenkins,Jenkins Blue Ocean Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-08-16T15:15:00.000Z,0
CVE-2022-30954,https://securityvulnerability.io/vulnerability/CVE-2022-30954,Insufficient Permission Checks in Jenkins Blue Ocean Plugin,"The Jenkins Blue Ocean Plugin fails to perform necessary permission checks in several HTTP endpoints. This flaw enables attackers who possess Overall/Read permissions to connect to an HTTP server of their choosing, potentially exposing sensitive data and resources. Users of affected versions should update to secure endpoints against unauthorized access.",Jenkins,Jenkins Blue Ocean Plugin,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-05-17T14:06:21.000Z,0
CVE-2022-30953,https://securityvulnerability.io/vulnerability/CVE-2022-30953,Cross-Site Request Forgery in Jenkins Blue Ocean Plugin by Jenkins,"A cross-site request forgery (CSRF) vulnerability exists in Jenkins Blue Ocean Plugin version 1.25.3 and earlier. This flaw could allow attackers to make unauthorized requests, potentially leading to interaction with an attacker-specified HTTP server. Effective mitigation is essential to safeguard systems from such exploits, which can compromise user data and system integrity.",Jenkins,Jenkins Blue Ocean Plugin,6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2022-05-17T14:06:18.000Z,0
CVE-2022-30952,https://securityvulnerability.io/vulnerability/CVE-2022-30952,Pipeline SCM API Vulnerability in Jenkins Blue Ocean Plugin,"The Jenkins Blue Ocean Plugin, specifically the Pipeline SCM API, allows unauthorized access to sensitive credentials stored in per-user credential stores. Attackers with Job/Configure permissions can exploit this vulnerability to retrieve credentials belonging to any user by specifying arbitrary credential IDs. This poses significant risks to the security of the Jenkins environment, potentially leading to further attacks or data breaches.",Jenkins,Jenkins Pipeline Scm Api For Blue Ocean Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-05-17T00:00:00.000Z,0
CVE-2020-2255,https://securityvulnerability.io/vulnerability/CVE-2020-2255,,A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.,Jenkins,Jenkins Blue Ocean Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-09-16T13:20:40.000Z,0
CVE-2020-2254,https://securityvulnerability.io/vulnerability/CVE-2020-2254,,"Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.",Jenkins,Jenkins Blue Ocean Plugin,6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2020-09-16T13:20:39.000Z,0
CVE-2019-1003012,https://securityvulnerability.io/vulnerability/CVE-2019-1003012,,"A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.",Jenkins,Jenkins Blue Ocean Plugins,6.5,MEDIUM,0.001180000021122396,false,,false,false,false,,,false,false,,2019-02-06T16:00:00.000Z,0
CVE-2019-1003013,https://securityvulnerability.io/vulnerability/CVE-2019-1003013,,"A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.",Jenkins,Jenkins Blue Ocean Plugins,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2019-02-06T16:00:00.000Z,0