cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-34201,https://securityvulnerability.io/vulnerability/CVE-2022-34201,Missing Permission Check in Jenkins Convertigo Mobile Platform Plugin,"The Jenkins Convertigo Mobile Platform Plugin before version 1.2 is susceptible to a missing permission check. Attackers with Overall/Read access can exploit this weakness to connect to URLs defined by them, potentially leading to unauthorized access or data exfiltration. Proper permission enforcement is essential to secure applications, particularly when integrating with external services.",Jenkins,Jenkins Convertigo Mobile Platform Plugin,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2022-34199,https://securityvulnerability.io/vulnerability/CVE-2022-34199,Unsecured Password Storage in Jenkins Convertigo Mobile Platform Plugin,The Convertigo Mobile Platform Plugin for Jenkins stores passwords in an unencrypted format within the job config.xml files on the Jenkins controller. This poses a risk as users with Extended Read permissions or direct access to the Jenkins controller's file system can easily view these sensitive passwords. It is crucial for users of this plugin to assess their security posture and consider implementing additional safeguards to protect sensitive information.,Jenkins,Jenkins Convertigo Mobile Platform Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2022-34200,https://securityvulnerability.io/vulnerability/CVE-2022-34200,Cross-Site Request Forgery Vulnerability in Jenkins Convertigo Mobile Platform Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Convertigo Mobile Platform Plugin version 1.1 and earlier. This vulnerability allows attackers to forge requests that could lead users to unknowingly connect to an attacker-specified URL, which could compromise sensitive data and potentially lead to unauthorized actions on behalf of the user.",Jenkins,Jenkins Convertigo Mobile Platform Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2022-25210,https://securityvulnerability.io/vulnerability/CVE-2022-25210,Jenkins Convertigo Mobile Platform Plugin Vulnerability Exposes Job Configurations,"The Jenkins Convertigo Mobile Platform Plugin, version 1.1 and earlier, is vulnerable to an insecure direct object reference. This vulnerability occurs when static fields are utilized to store job configuration details, which leads to a situation where users with Item/Configure permissions can potentially access and capture the passwords associated with the job configurations. This poses a significant security risk, allowing unauthorized parties to exploit sensitive information.",Jenkins,Jenkins Convertigo Mobile Platform Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:11:48.000Z,0