cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-24435,https://securityvulnerability.io/vulnerability/CVE-2023-24435,,"A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-01-26T21:18:00.000Z,0
CVE-2023-24436,https://securityvulnerability.io/vulnerability/CVE-2023-24436,,A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.,Jenkins,Jenkins GitHub Pull Request Builder Plugin,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-01-26T21:18:00.000Z,0
CVE-2023-24434,https://securityvulnerability.io/vulnerability/CVE-2023-24434,Cross-Site Request Forgery Vulnerability in Jenkins GitHub Pull Request Builder Plugin,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the Jenkins GitHub Pull Request Builder Plugin, versions 1.42.2 and earlier. This vulnerability permits attackers to send unauthorized requests that link to an attacker-specified URL, using attacker-controlled credentials. By leveraging this exploit, an attacker can gain access to sensitive Jenkins credentials stored within the system, compromising the security of automated workflows.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,8.8,HIGH,0.000750000006519258,false,false,false,false,,false,false,2023-01-26T21:18:00.000Z,0