cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2216,https://securityvulnerability.io/vulnerability/CVE-2024-2216,Missing Permission Check in Jenkins Plugin Allows Attackers to Reconfigure Future Build Steps,"A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.",Jenkins,Jenkins Docker-build-step Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-06T17:01:52.616Z,0
CVE-2024-2215,https://securityvulnerability.io/vulnerability/CVE-2024-2215,CSRF Vulnerability in Jenkins Docker-Build-Step Plugin Allows Attackers to Reconfigure Plugin and Affect Future Build Step Executions,"A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.",Jenkins,Jenkins Docker-build-step Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-06T17:01:52.007Z,0
CVE-2023-40350,https://securityvulnerability.io/vulnerability/CVE-2023-40350,Stored Cross-Site Scripting in Jenkins Docker Swarm Plugin by CloudBees,"The Jenkins Docker Swarm Plugin version 1.11 and earlier contains a stored cross-site scripting vulnerability due to improper escaping of data returned from Docker. This oversight allows malicious actors with the ability to control Docker response values to execute arbitrary JavaScript code in the context of the user’s browser, potentially compromising user accounts and exposing sensitive information through the Docker Swarm Dashboard view. To mitigate the risk, it is crucial for users to upgrade to the latest version of the plugin as recommended in the Jenkins Security Advisory.",Jenkins,Jenkins Docker Swarm Plugin,5.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-08-16T15:15:00.000Z,0
CVE-2022-45385,https://securityvulnerability.io/vulnerability/CVE-2022-45385,Missing Permission Check in Jenkins CloudBees Docker Hub/Registry Notification Plugin,"A vulnerability exists in Jenkins CloudBees Docker Hub/Registry Notification Plugin, where a missing permission check allows unauthenticated attackers to initiate job builds in the specified repository. This flaw potentially exposes sensitive operations to untrusted users, compromising the integrity and security of automated processes.",Jenkins,Jenkins CloudBees Docker Hub/Registry Notification Plugin,7.5,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-20617,https://securityvulnerability.io/vulnerability/CVE-2022-20617,OS Command Execution Vulnerability in Jenkins Docker Commons Plugin,"The Jenkins Docker Commons Plugin prior to version 1.18 is vulnerable to an OS command execution flaw. This vulnerability arises from improper sanitization of user-input image names and tags, which can potentially allow attackers with 'Item/Configure' permissions or those able to manipulate the contents of a configured job's source code management (SCM) repository to execute arbitrary commands on the host operating system. Careful validation of input values is essential to mitigate this risk and ensure the security of Jenkins environments.",Jenkins,Jenkins Docker Commons Plugin,8.8,HIGH,0.0030400000978261232,false,,false,false,false,,,false,false,,2022-01-12T19:05:53.000Z,0
CVE-2019-10342,https://securityvulnerability.io/vulnerability/CVE-2019-10342,,A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,Jenkins,Jenkins Docker Plugin,4.3,MEDIUM,0.0012499999720603228,false,,false,false,false,,,false,false,,2019-07-11T13:55:17.000Z,0
CVE-2019-10341,https://securityvulnerability.io/vulnerability/CVE-2019-10341,,"A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Docker Plugin,6.5,MEDIUM,0.0017099999822676182,false,,false,false,false,,,false,false,,2019-07-11T13:55:17.000Z,0
CVE-2019-10340,https://securityvulnerability.io/vulnerability/CVE-2019-10340,,"A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Docker Plugin,8.8,HIGH,0.004389999900013208,false,,false,false,false,,,false,false,,2019-07-11T13:55:17.000Z,0
CVE-2019-1003065,https://securityvulnerability.io/vulnerability/CVE-2019-1003065,,Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,Jenkins,Jenkins Cloudshare Docker-machine Plugin,8.8,HIGH,0.0031799999997019768,false,,false,false,false,,,false,false,,2019-04-04T15:38:48.000Z,0