cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-39459,https://securityvulnerability.io/vulnerability/CVE-2024-39459,Unencrypted Secret File Credentials Stored on Jenkins Controller File System,"In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).",Jenkins,Jenkins Plain Credentials Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-26T17:06:27.043Z,0
CVE-2023-25767,https://securityvulnerability.io/vulnerability/CVE-2023-25767,Cross-Site Request Forgery Vulnerability in Jenkins Azure Credentials Plugin,"A vulnerability in the Azure Credentials Plugin for Jenkins allows for cross-site request forgery, enabling attackers to connect to malicious web servers by exploiting the trust that the Jenkins application has in the user's session. This could result in unauthorized actions being performed without the user's consent, representing a significant security risk for Jenkins users.",Jenkins,Jenkins Azure Credentials Plugin,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2023-25766,https://securityvulnerability.io/vulnerability/CVE-2023-25766,Missing Permission Check in Jenkins Azure Credentials Plugin,"The Jenkins Azure Credentials Plugin suffers from a missing permission check, enabling attackers with Overall/Read permission to enumerate the IDs of credentials stored within Jenkins. This flaw poses a security risk as it allows unauthorized access to sensitive credential information, potentially leading to further exploits within the Jenkins environment.",Jenkins,Jenkins Azure Credentials Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2023-25768,https://securityvulnerability.io/vulnerability/CVE-2023-25768,Insecure Permission Handling in Jenkins Azure Credentials Plugin,"The Azure Credentials Plugin for Jenkins exhibits a vulnerability due to a missing permission check that could allow users with Overall/Read permissions to connect to an attacker-defined web server. This flaw could be exploited by malicious actors to perform unauthorized actions, highlighting the need for urgent updates and security assessments within Jenkins environments utilizing this plugin.",Jenkins,Jenkins Azure Credentials Plugin,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2023-24425,https://securityvulnerability.io/vulnerability/CVE-2023-24425,Kubernetes Credentials Exposure in Jenkins Plugin,"The Jenkins Kubernetes Credentials Provider Plugin versions prior to 1.208.v128ee9800c04 are susceptible to a vulnerability that fails to properly set the context for Kubernetes credentials lookup. This oversight permits attackers with 'Item/Configure' permissions to access and capture Kubernetes credentials they shouldn't have access to, posing a significant security risk for users managing containerized applications.",Jenkins,Jenkins Kubernetes Credentials Provider Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2022-29036,https://securityvulnerability.io/vulnerability/CVE-2022-29036,Cross-Site Scripting Vulnerability in Jenkins Credentials Plugin,"The Jenkins Credentials Plugin prior to version 1111.v35a_307992395 fails to properly escape the names and descriptions of Credential parameters in certain views. This oversight allows attackers with Item/Configure permissions to exploit the vulnerability, potentially leading to stored cross-site scripting attacks. By utilizing crafted credentials, an attacker could execute arbitrary scripts in the context of users accessing the affected views, increasing the risk of further security compromises.",Jenkins,Jenkins Credentials Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-04-12T00:00:00.000Z,0
CVE-2022-27199,https://securityvulnerability.io/vulnerability/CVE-2022-27199,Missing Permission Check in Jenkins CloudBees AWS Credentials Plugin,"The Jenkins CloudBees AWS Credentials Plugin has a vulnerability due to a missing permission check, enabling attackers with Overall/Read permission to connect to AWS services using an attacker-specified token. This could lead to unauthorized access and potential exploitation of AWS resources, compromising the security of the hosting environment.",Jenkins,Jenkins Cloudbees Aws Credentials Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-15T16:45:43.000Z,0
CVE-2022-27198,https://securityvulnerability.io/vulnerability/CVE-2022-27198,CSRF Vulnerability in Jenkins CloudBees AWS Credentials Plugin,"A cross-site request forgery (CSRF) vulnerability has been identified in the Jenkins CloudBees AWS Credentials Plugin, enabling attackers with Overall/Read permission to initiate actions on AWS services using an attacker-defined token. This security flaw could allow unauthorized access, potentially compromising AWS credentials and exposing sensitive data.",Jenkins,Jenkins Cloudbees Aws Credentials Plugin,8,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-03-15T16:45:41.000Z,0
CVE-2022-20616,https://securityvulnerability.io/vulnerability/CVE-2022-20616,Insufficient Permission Check in Jenkins Credentials Binding Plugin,"The Jenkins Credentials Binding Plugin versions 1.27 and earlier are susceptible to an improper permission check in a method responsible for form validation. This flaw enables attackers with Overall/Read access to ascertain whether a given credential ID corresponds to a secret file credential and to determine if the associated file is a zip file. This vulnerability could potentially lead to exposure of sensitive credential information, making it crucial for users of the plugin to update to non-vulnerable versions to maintain their security posture.",Jenkins,Jenkins Credentials Binding Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-01-12T19:05:51.000Z,0
CVE-2021-21648,https://securityvulnerability.io/vulnerability/CVE-2021-21648,,"Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.",Jenkins,Jenkins Credentials Plugin,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-05-11T14:15:20.000Z,0
CVE-2021-21625,https://securityvulnerability.io/vulnerability/CVE-2021-21625,,"Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.",Jenkins,Jenkins Cloudbees Aws Credentials Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-03-18T13:35:23.000Z,0
CVE-2020-2182,https://securityvulnerability.io/vulnerability/CVE-2020-2182,,"Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.",Jenkins,Jenkins Credentials Binding Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-05-06T12:45:23.000Z,0
CVE-2020-2181,https://securityvulnerability.io/vulnerability/CVE-2020-2181,,"Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.",Jenkins,Jenkins Credentials Binding Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-05-06T12:45:22.000Z,0
CVE-2019-10436,https://securityvulnerability.io/vulnerability/CVE-2019-10436,,An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.,Jenkins,Jenkins Google Oauth Credentials Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2019-10-16T13:00:44.000Z,0
CVE-2019-10320,https://securityvulnerability.io/vulnerability/CVE-2019-10320,,"Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.",Jenkins,Jenkins Credentials Plugin,4.3,MEDIUM,0.0024999999441206455,false,,false,false,false,,,false,false,,2019-05-21T13:00:22.000Z,0
CVE-2019-10303,https://securityvulnerability.io/vulnerability/CVE-2019-10303,,Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.,Jenkins,Jenkins Azure Publishersettings Credentials Plugin,8.8,HIGH,0.0014400000218302011,false,,false,false,false,,,false,false,,2019-04-18T16:54:18.000Z,0