cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37964,https://securityvulnerability.io/vulnerability/CVE-2023-37964,Cross-Site Request Forgery Vulnerability in Jenkins ElasticBox CI Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins ElasticBox CI Plugin version 5.0.1 and earlier, enabling attackers to craft malicious requests that can connect to URLs specified by the attacker. This could allow unauthorized access to sensitive information by leveraging credentials IDs that have been compromised through alternative methods. Organizations using this plugin should take immediate steps to update to a fixed version to mitigate potential risks associated with this vulnerability.",Jenkins,Jenkins Elasticbox Ci Plugin,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2023-07-12T16:15:00.000Z,0
CVE-2023-37965,https://securityvulnerability.io/vulnerability/CVE-2023-37965,Permission Check Flaw in Jenkins ElasticBox CI Plugin,"A flaw in the Jenkins ElasticBox CI Plugin versions 5.0.1 and earlier exposes the system to potential breaches. The vulnerability arises from a missing permission check that grants attackers with Overall/Read permission the capability to connect to arbitrary URLs. They can exploit this by utilizing credentials IDs acquired via other means, thereby capturing sensitive information stored within the Jenkins environment.",Jenkins,Jenkins Elasticbox Ci Plugin,7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-07-12T16:15:00.000Z,0
CVE-2019-10450,https://securityvulnerability.io/vulnerability/CVE-2019-10450,,Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,Jenkins,Jenkins Elasticbox Ci Plugin,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-10-16T13:00:51.000Z,0