cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-34205,https://securityvulnerability.io/vulnerability/CVE-2022-34205,Cross-Site Request Forgery Vulnerability in Jenkins Jianliao Notification Plugin,"A cross-site request forgery vulnerability exists in the Jenkins Jianliao Notification Plugin version 1.1 and earlier. This flaw enables attackers to issue HTTP POST requests to a targeted URL, which may lead to unauthorized actions within Jenkins by tricking users into inadvertently executing malicious requests. It is crucial for users of this plugin to update to a secure version and implement protective measures against CSRF to safeguard their Jenkins environments.",Jenkins,Jenkins Jianliao Notification Plugin,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2022-34206,https://securityvulnerability.io/vulnerability/CVE-2022-34206,Missing Permission Check in Jenkins Jianliao Notification Plugin,"The Jianliao Notification Plugin for Jenkins contains a critical security oversight. In versions 1.1 and earlier, the plugin lacks adequate permissions checks, allowing users with Overall/Read permission to exploit this weakness. Attackers can send unauthorized HTTP POST requests to any specified URL, potentially leading to unauthorized access and data breaches. Organizations should ensure they update their plugins to mitigate this risk.",Jenkins,Jenkins Jianliao Notification Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0