cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-28148,https://securityvulnerability.io/vulnerability/CVE-2022-28148,Path Traversal Vulnerability in Jenkins Continuous Integration with Toad Edge Plugin,"The file browser component in Jenkins Continuous Integration, specifically in the Toad Edge Plugin version 2.3 and earlier, contains a vulnerability that allows for path traversal on Windows systems. This occurs when the file browser misinterprets certain file paths as absolute, enabling attackers with Item/Read permissions to access and extract content from files across the Windows controller environment. This flaw underscores the necessity for diligent management of plugin vulnerabilities to safeguard sensitive data.",Jenkins,Jenkins Continuous Integration With Toad Edge Plugin,6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-03-29T12:31:08.000Z,0
CVE-2022-28147,https://securityvulnerability.io/vulnerability/CVE-2022-28147,Missing Permission Check in Jenkins Continuous Integration with Toad Edge Plugin,"A security flaw exists in the Toad Edge Plugin for Jenkins Continuous Integration, where a missing permission check allows users with Overall/Read permissions to verify the existence of any specified file path on the Jenkins controller's file system. This could potentially lead to information disclosure and unauthorized access to sensitive file locations, making it crucial for administrators to implement necessary updates to bolster system security.",Jenkins,Jenkins Continuous Integration With Toad Edge Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-29T12:31:07.000Z,0
CVE-2022-28146,https://securityvulnerability.io/vulnerability/CVE-2022-28146,File Reading Vulnerability in Jenkins with Toad Edge Plugin,"The Toad Edge Plugin for Jenkins allows users with Item/Configure permissions to exploit a security flaw that permits reading arbitrary files from the Jenkins controller. By providing a specific input folder as a parameter during build steps, attackers can access sensitive files, potentially leading to unauthorized disclosure of information. This vulnerability emphasizes the importance of securing access permissions within Jenkins environments.",Jenkins,Jenkins Continuous Integration With Toad Edge Plugin,6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-03-29T12:31:05.000Z,0
CVE-2022-28145,https://securityvulnerability.io/vulnerability/CVE-2022-28145,Stored Cross-Site Scripting Flaw in Jenkins with Toad Edge Plugin,"The Jenkins Continuous Integration platform, when used with the Toad Edge Plugin version 2.3 and earlier, is vulnerable to a stored cross-site scripting (XSS) attack. This vulnerability arises due to the absence of Content-Security-Policy headers in the report files served by Jenkins, allowing attackers with Item/Configure permissions, or those able to manipulate report contents, to inject malicious scripts. Exploiting this vulnerability can compromise the integrity of user data and affect web application security.",Jenkins,Jenkins Continuous Integration With Toad Edge Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-29T12:31:03.000Z,0