cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-41255,https://securityvulnerability.io/vulnerability/CVE-2022-41255,Unencrypted API Token Exposure in Jenkins CONS3RT Plugin by CloudBees,"The Jenkins CONS3RT Plugin prior to version 1.0.0 has a significant security flaw where it stores the Cons3rt API token in unencrypted form within the job config.xml files located on the Jenkins controller. This exposure can potentially allow unauthorized users with access to the Jenkins controller's file system to read sensitive credentials, leading to further exploitation of the Jenkins environment.",Jenkins,Jenkins Cons3rt Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-09-21T15:46:12.000Z,0
CVE-2022-41254,https://securityvulnerability.io/vulnerability/CVE-2022-41254,Missing Permission Checks in Jenkins CONS3RT Plugin Affecting Jenkins Users,"The Jenkins CONS3RT Plugin, up to version 1.0.0, is exposed due to missing permission checks. This flaw enables users with Overall/Read permission to connect to an arbitrary HTTP server with attacker-defined credentials. As a result, it allows malicious actors to capture and exploit sensitive information, including stored credentials in Jenkins, potentially leading to unauthorized access and security breaches.",Jenkins,Jenkins Cons3rt Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-09-21T15:46:11.000Z,0
CVE-2022-41253,https://securityvulnerability.io/vulnerability/CVE-2022-41253,Cross-Site Request Forgery Vulnerability in Jenkins CONS3RT Plugin,"A cross-site request forgery vulnerability has been identified in the Jenkins CONS3RT Plugin, allowing attackers to connect to a specified HTTP server using credentials that may be exploited through various means. This issue affects versions 1.0.0 and earlier of the CONS3RT Plugin, enabling unauthorized access to stored credentials within Jenkins, which poses a significant risk to the integrity and confidentiality of user data.",Jenkins,Jenkins Cons3rt Plugin,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2022-09-21T15:46:10.000Z,0
CVE-2022-41252,https://securityvulnerability.io/vulnerability/CVE-2022-41252,Missing Permission Checks in Jenkins CONS3RT Plugin,"A vulnerability exists in the Jenkins CONS3RT Plugin that permits users with Overall/Read permission to enumerate credential IDs without adequate permission checks. This flaw could allow unauthorized access to sensitive credential information stored within Jenkins, increasing the risk of token exposure. Organizations using this plugin should evaluate their security posture and apply necessary updates to mitigate potential threats.",Jenkins,Jenkins Cons3rt Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-09-21T15:46:09.000Z,0