cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43413,https://securityvulnerability.io/vulnerability/CVE-2022-43413,Permission Misconfiguration in Jenkins Job Import Plugin,"The Jenkins Job Import Plugin, versions 3.5 and earlier, lacks adequate permission checks for an HTTP endpoint. This oversight allows users with Overall/Read permission to list credential IDs stored within Jenkins, potentially compromising sensitive information. Proper controls should be implemented to prevent unauthorized access and ensure credential security.",Jenkins,Jenkins Job Import Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2019-1003015,https://securityvulnerability.io/vulnerability/CVE-2019-1003015,,"An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc.",Jenkins,Jenkins Job Import Plugin,9.1,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2019-02-06T16:29:00.000Z,0
CVE-2019-1003016,https://securityvulnerability.io/vulnerability/CVE-2019-1003016,,"An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Job Import Plugin,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2019-02-06T16:29:00.000Z,0
CVE-2019-1003017,https://securityvulnerability.io/vulnerability/CVE-2019-1003017,,"A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.",Jenkins,Jenkins Job Import Plugin,5.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-02-06T16:29:00.000Z,0