cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-25209,https://securityvulnerability.io/vulnerability/CVE-2022-25209,XML External Entity Vulnerability in Jenkins Chef Sinatra Plugin,"The Jenkins Chef Sinatra Plugin, versions 1.20 and earlier, is susceptible to XML external entity (XXE) attacks due to improper configuration of its XML parser. This vulnerability allows an attacker to interfere with the parsing of XML documents, which can potentially lead to the exposure of confidential data, file retrieval, and server-side request forgery. It is crucial for users to update to the latest version to mitigate risks associated with this vulnerability.",Jenkins,Jenkins Chef Sinatra Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-02-15T16:11:46.000Z,0
CVE-2022-25208,https://securityvulnerability.io/vulnerability/CVE-2022-25208,Missing Permission Check in Jenkins Chef Sinatra Plugin,"A flaw in the Jenkins Chef Sinatra Plugin allows users with Overall/Read permissions to exploit a missing permission check. This vulnerability enables attackers to direct Jenkins to execute HTTP requests to their own URLs, potentially facilitating the parsing of sensitive XML responses. It opens up risks for further attacks against the Jenkins server and its configurations.",Jenkins,Jenkins Chef Sinatra Plugin,8.8,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2022-02-15T16:11:45.000Z,0
CVE-2022-25207,https://securityvulnerability.io/vulnerability/CVE-2022-25207,Cross-Site Request Forgery in Jenkins Chef Sinatra Plugin,"A cross-site request forgery (CSRF) vulnerability found in the Jenkins Chef Sinatra Plugin version 1.20 and earlier enables attackers to send unauthorized requests. This flaw allows malicious actors to make Jenkins execute HTTP requests to attacker-controlled URLs, which could lead to the parsing of an XML response from these potentially harmful sources.",Jenkins,Jenkins Chef Sinatra Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2022-02-15T16:11:43.000Z,0
CVE-2019-1003086,https://securityvulnerability.io/vulnerability/CVE-2019-1003086,,A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.,Jenkins,Jenkins Chef Sinatra Plugin,6.5,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2019-04-04T15:38:49.000Z,0
CVE-2019-1003087,https://securityvulnerability.io/vulnerability/CVE-2019-1003087,,A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,Jenkins,Jenkins Chef Sinatra Plugin,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2019-04-04T15:38:49.000Z,0