cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-30516,https://securityvulnerability.io/vulnerability/CVE-2023-30516,Inadequate SSL/TLS Certificate Validation in Jenkins Image Tag Parameter Plugin,"The Jenkins Image Tag Parameter Plugin version 2.0 has introduced a configurational flaw concerning SSL/TLS certificate validation. Specifically, it allows connections to Docker registries without adequate verification of SSL/TLS certificates. This misconfiguration means that job setups utilizing Image Tag Parameters—established prior to version 2.0—default to having SSL/TLS certificate validation turned off. As a result, there is an increased risk of man-in-the-middle attacks, exposing sensitive data to potential interception and misuse. Users must ensure that SSL/TLS validation is manually re-enabled to safeguard against these vulnerabilities when configuring Docker jobs.",Jenkins,Jenkins Image Tag Parameter Plugin,6.5,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2023-04-12T18:15:00.000Z,0
CVE-2022-34189,https://securityvulnerability.io/vulnerability/CVE-2022-34189,Stored Cross-Site Scripting in Jenkins Image Tag Parameter Plugin,"The Jenkins Image Tag Parameter Plugin versions 1.10 and earlier are susceptible to stored cross-site scripting (XSS) attacks. This vulnerability arises from the failure to properly escape the name and description of Image Tag parameters in views where parameters are displayed. As a result, an attacker with Item/Configure permissions can exploit this vulnerability to inject malicious scripts, potentially compromising the integrity and security of the Jenkins environment.",Jenkins,Jenkins Image Tag Parameter Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0