cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-46650,https://securityvulnerability.io/vulnerability/CVE-2023-46650,,"Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",Jenkins,Jenkins GitHub Plugin,5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2023-10-25T18:17:00.000Z,0
CVE-2023-24442,https://securityvulnerability.io/vulnerability/CVE-2023-24442,,"Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.",Jenkins,Jenkins GitHub Pull Request Coverage Status Plugin,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-01-26T21:18:00.000Z,0
CVE-2023-24436,https://securityvulnerability.io/vulnerability/CVE-2023-24436,,A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.,Jenkins,Jenkins GitHub Pull Request Builder Plugin,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-01-26T21:18:00.000Z,0
CVE-2023-24434,https://securityvulnerability.io/vulnerability/CVE-2023-24434,Cross-Site Request Forgery Vulnerability in Jenkins GitHub Pull Request Builder Plugin,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the Jenkins GitHub Pull Request Builder Plugin, versions 1.42.2 and earlier. This vulnerability permits attackers to send unauthorized requests that link to an attacker-specified URL, using attacker-controlled credentials. By leveraging this exploit, an attacker can gain access to sensitive Jenkins credentials stored within the system, compromising the security of automated workflows.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,8.8,HIGH,0.000750000006519258,false,false,false,false,,false,false,2023-01-26T21:18:00.000Z,0
CVE-2023-24435,https://securityvulnerability.io/vulnerability/CVE-2023-24435,,"A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-01-26T21:18:00.000Z,0
CVE-2022-36885,https://securityvulnerability.io/vulnerability/CVE-2022-36885,,"Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.",Jenkins,Jenkins Github Plugin,5.3,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2022-07-27T14:21:38.000Z,0
CVE-2020-2212,https://securityvulnerability.io/vulnerability/CVE-2020-2212,,Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration.,Jenkins,Jenkins Github Coverage Reporter Plugin,4.3,MEDIUM,0.0005099999834783375,false,false,false,false,,false,false,2020-07-02T14:55:37.000Z,0
CVE-2020-2118,https://securityvulnerability.io/vulnerability/CVE-2020-2118,,A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,Jenkins,Jenkins Pipeline Github Notify Step Plugin,4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2020-02-12T14:35:44.000Z,0
CVE-2020-2117,https://securityvulnerability.io/vulnerability/CVE-2020-2117,,"A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Pipeline Github Notify Step Plugin,4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2020-02-12T14:35:43.000Z,0
CVE-2020-2116,https://securityvulnerability.io/vulnerability/CVE-2020-2116,,"A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Pipeline Github Notify Step Plugin,8.8,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2020-02-12T14:35:43.000Z,0
CVE-2019-10315,https://securityvulnerability.io/vulnerability/CVE-2019-10315,,Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.,Jenkins,Jenkins Github Authentication Plugin,8.8,HIGH,0.0031900000758469105,false,false,false,false,,false,false,2019-04-30T12:25:17.000Z,0
CVE-2019-1003018,https://securityvulnerability.io/vulnerability/CVE-2019-1003018,,"An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.",Jenkins,Jenkins Github Authentication Plugin,4.3,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2019-02-06T16:29:00.000Z,0
CVE-2019-1003019,https://securityvulnerability.io/vulnerability/CVE-2019-1003019,,A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.,Jenkins,Jenkins Github Authentication Plugin,5.9,MEDIUM,0.0008500000112690032,false,false,false,false,,false,false,2019-02-06T16:29:00.000Z,0