cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-34184,https://securityvulnerability.io/vulnerability/CVE-2022-34184,Stored XSS Vulnerability in Jenkins CRX Content Package Deployer Plugin,"The Jenkins CRX Content Package Deployer Plugin versions 1.9 and earlier contain a stored cross-site scripting vulnerability. The vulnerability arises from the lack of proper escaping of the name and description fields of CRX Content Package Choice parameters on user-facing views. This flaw can be exploited by attackers who have Item/Configure permissions, allowing them to inject malicious scripts, which could be executed in the context of other users' sessions, compromising sensitive information and potentially leading to further exploits.",Jenkins,Jenkins Crx Content Package Deployer Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2019-10439,https://securityvulnerability.io/vulnerability/CVE-2019-10439,,A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,Jenkins,Jenkins Crx Content Package Deployer Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-16T13:00:45.000Z,0
CVE-2019-10438,https://securityvulnerability.io/vulnerability/CVE-2019-10438,,"A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Crx Content Package Deployer Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2019-10-16T13:00:45.000Z,0
CVE-2019-10437,https://securityvulnerability.io/vulnerability/CVE-2019-10437,,"A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Crx Content Package Deployer Plugin,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2019-10-16T13:00:44.000Z,0