cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-28152,https://securityvulnerability.io/vulnerability/CVE-2022-28152,Cross-Site Request Forgery in Jenkins Job and Node Ownership Plugin,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the Jenkins Job and Node Ownership Plugin that allows attackers to change the ownership of jobs without proper authorization, potentially leading to unauthorized access and manipulation of Jenkins jobs. This vulnerability affects versions 0.13.0 and earlier, making it crucial for users to upgrade to a patched version to mitigate risks.",Jenkins,Jenkins Job And Node Ownership Plugin,4.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-03-29T12:31:14.000Z,0
CVE-2022-28151,https://securityvulnerability.io/vulnerability/CVE-2022-28151,Insecure Permissions in Jenkins Job and Node Ownership Plugin by Jenkins,"A significant security flaw has been identified in the Jenkins Job and Node Ownership Plugin versions 0.13.0 and earlier, where a missing permission check enables users with only Item/Read permissions to alter job ownership and modify item-specific permissions. This vulnerability poses a risk of unauthorized access and manipulation of job configurations, potentially leading to security breaches. Administrators are urged to update to the latest plugin version to mitigate this risk. For further details, refer to the official Jenkins security advisory.",Jenkins,Jenkins Job And Node Ownership Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-29T12:31:13.000Z,0
CVE-2022-28150,https://securityvulnerability.io/vulnerability/CVE-2022-28150,CSRF Vulnerability in Jenkins Job and Node Ownership Plugin,"The Jenkins Job and Node Ownership Plugin is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which permits unauthorized attackers to change the ownership and specific permissions of a Jenkins job. If exploited, this vulnerability can enable an attacker to assume control over job configurations without authorization, potentially leading to further security breaches. It is crucial for users of the affected plugin version to apply necessary patches to safeguard against this risk.",Jenkins,Jenkins Job And Node Ownership Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2022-03-29T12:31:11.000Z,0
CVE-2022-28149,https://securityvulnerability.io/vulnerability/CVE-2022-28149,Stored Cross-Site Scripting in Jenkins Job and Node Ownership Plugin by Jenkins,"The Jenkins Job and Node Ownership Plugin prior to version 0.13.0 contains an exploit leveraging stored cross-site scripting (XSS) due to improper handling of secondary owner names. Attackers with Item/Configure permissions can inject malicious scripts, affecting users interacting with the system. This vulnerability emphasizes the importance of proper input sanitization and escaping in web applications.",Jenkins,Jenkins Job And Node Ownership Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-29T12:31:10.000Z,0