cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-28676,https://securityvulnerability.io/vulnerability/CVE-2023-28676,Cross-Site Request Forgery Vulnerability in Jenkins Convert To Pipeline Plugin,"The Jenkins Convert To Pipeline Plugin is vulnerable to a cross-site request forgery (CSRF) flaw that allows an attacker to create a Pipeline from an existing Freestyle project. By exploiting this weakness, an attacker could potentially trigger remote code execution (RCE), compromising the integrity and security of the affected Jenkins environment. This vulnerability affects versions 1.0 and earlier, necessitating prompt updates to mitigate risks.",Jenkins,Jenkins Convert To Pipeline Plugin,8.8,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0
CVE-2023-28677,https://securityvulnerability.io/vulnerability/CVE-2023-28677,Jenkins Conversion Plugin Vulnerability in Freestyle Projects,"The Jenkins Convert To Pipeline Plugin, version 1.0 and earlier, introduces a security concern where simple string concatenation mechanisms allow for the injection of untrusted Pipeline script code. This vulnerability enables attackers to craft configurations in Freestyle projects that manipulate the conversion process into unsandboxed Pipeline invocations, potentially compromising the integrity of the project configuration and execution.",Jenkins,Jenkins Convert To Pipeline Plugin,9.8,CRITICAL,0.002099999925121665,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0