cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-23903,https://securityvulnerability.io/vulnerability/CVE-2024-23903,,"Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.",Jenkins,Jenkins Gitlab Branch Source Plugin,5.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-01-24T17:52:26.696Z,0
CVE-2024-23902,https://securityvulnerability.io/vulnerability/CVE-2024-23902,,A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.,Jenkins,Jenkins GitLab Branch Source Plugin,4.3,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-01-24T17:52:26.044Z,0
CVE-2024-23901,https://securityvulnerability.io/vulnerability/CVE-2024-23901,,"Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.",Jenkins,Jenkins GitLab Branch Source Plugin,6.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-01-24T17:52:25.415Z,0