cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-28137,https://securityvulnerability.io/vulnerability/CVE-2022-28137,Missing Permission Check in Jenkins JiraTestResultReporter Plugin,"The JiraTestResultReporter Plugin for Jenkins has a vulnerability due to a missing permission check that allows attackers with Overall/Read permission to connect to an arbitrary URL provided by the attacker. This exploit can lead to unauthorized access, enabling the attacker to use compromised credentials to manipulate data or execute malicious actions. It is crucial for users of this plugin to ensure they upgrade to patched versions to mitigate potential risks.",Jenkins,Jenkins Jiratestresultreporter Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-29T12:30:50.000Z,0
CVE-2022-28136,https://securityvulnerability.io/vulnerability/CVE-2022-28136,Cross-Site Request Forgery Vulnerability in Jenkins JiraTestResultReporter Plugin,"A cross-site request forgery (CSRF) vulnerability exists within the Jenkins JiraTestResultReporter Plugin, impacting version 165.v817928553942 and earlier. This flaw permits attackers to execute commands that connect to a maliciously specified URL by leveraging user credentials without their consent. As a result, unauthorized actions can be performed on behalf of a legitimate user, heightening the risk of data breaches and exploitation of user privileges.",Jenkins,Jenkins Jiratestresultreporter Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2022-03-29T12:30:48.000Z,0