cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43416,https://securityvulnerability.io/vulnerability/CVE-2022-43416,Arbitrary Command Execution Vulnerability in Jenkins Katalon Plugin by Jenkins,"Jenkins Katalon Plugin 1.0.32 and earlier allows attackers able to control agent processes to execute Katalon on the Jenkins controller with user-configured arguments. Because such attackers can also specify the Katalon version, installation location, and arguments, this can lead to arbitrary file creation or arbitrary OS command execution on the controller. Attackers with Item/Configure permission can additionally manipulate archived artifacts, widening the attack surface.",Jenkins,Jenkins Katalon Plugin,8.8,HIGH,0.00093,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-43418,https://securityvulnerability.io/vulnerability/CVE-2022-43418,Cross-Site Request Forgery Vulnerability in Jenkins Katalon Plugin,"A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to make the Jenkins controller connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Users of this plugin should upgrade to a release outside the affected range.",Jenkins,Jenkins Katalon Plugin,4.3,MEDIUM,0.00058,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-43419,https://securityvulnerability.io/vulnerability/CVE-2022-43419,Unencrypted API Key Exposure in Jenkins Katalon Plugin by Jenkins,"Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or with access to the controller file system, exposing the external applications and services those keys authenticate to. Users should upgrade to a release outside the affected range.",Jenkins,Jenkins Katalon Plugin,6.5,MEDIUM,0.00063,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-43417,https://securityvulnerability.io/vulnerability/CVE-2022-43417,Unauthorized Access in Jenkins Katalon Plugin by CloudBees,"Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to make the controller connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Katalon Plugin,4.3,MEDIUM,0.0005,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
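The four records above cover one product and differ mainly in their affected version bound and CVSS score, so the question a Jenkins administrator actually has is which of them apply to the plugin version they run. The Python below is an added example, not code from this page, from securityvulnerability.io, or from the Jenkins project. It parses a constructed copy of the page's CSV (trimmed to the columns the triage needs, but keeping a quoted description with an embedded line break, as the page's data has) with the standard csv module, extracts the upper bound of each affected range from the description text with a small set of regular expressions, and reports which CVEs apply to a given installed version, highest score first. The version phrasings it recognises ("up to version X", "versions up to X", "X and earlier", "before version X") and the sample rows are assumptions tailored to this page; the "lowest version not listed as affected" it computes is derived only from these ranges and is not a claim that a release of that number exists or fixes the issues.

```python
import csv
import io
import re

# Constructed sample: the header and the four records of this page's CSV,
# trimmed to the columns the triage needs. Descriptions are shortened but
# keep the page's version phrasing. The line break inside the CVE-2022-43418
# field is deliberate: the page's own data has one, and it is exactly what a
# str.splitlines()-based "parser" would mishandle.
SAMPLE_CSV = """cve,title,description,products,score,severity
CVE-2022-43416,Arbitrary Command Execution Vulnerability in Jenkins Katalon Plugin,"The Jenkins Katalon Plugin, up to version 1.0.32, allows attackers who can control agent processes to execute Katalon commands on the Jenkins controller.",Jenkins Katalon Plugin,8.8,HIGH
CVE-2022-43418,Cross-Site Request Forgery Vulnerability in Jenkins Katalon Plugin,"A cross-site request forgery vulnerability exists in the Jenkins Katalon Plugin, specifically in versions 1.0.33 and earlier.
It is crucial for users of this plugin to update.",Jenkins Katalon Plugin,4.3,MEDIUM
CVE-2022-43419,Unencrypted API Key Exposure in Jenkins Katalon Plugin,"The Jenkins Katalon Plugin before version 1.0.33 stores API keys unencrypted in job config.xml files.",Jenkins Katalon Plugin,6.5,MEDIUM
CVE-2022-43417,Unauthorized Access in Jenkins Katalon Plugin,"The Jenkins Katalon Plugin versions up to 1.0.32 fail to enforce permission checks on several HTTP endpoints.",Jenkins Katalon Plugin,4.3,MEDIUM
"""

VERSION = r"(\d+(?:\.\d+)+)"
# (pattern, inclusive): each captures the upper bound of an affected range.
# These phrasings are an assumption based on this page's descriptions.
BOUND_PATTERNS = [
    (re.compile(r"up to version " + VERSION, re.I), True),
    (re.compile(r"versions? up to " + VERSION, re.I), True),
    (re.compile(VERSION + r" and earlier", re.I), True),
    (re.compile(r"before version " + VERSION, re.I), False),
]


def parse_version(text):
    """'1.0.32' -> (1, 0, 32); tuples compare component-wise, unlike strings."""
    return tuple(int(part) for part in text.split("."))


def affected_bound(description):
    """Upper bound of the affected range as (version_tuple, inclusive), or None
    when the description uses phrasing this parser does not recognise."""
    for pattern, inclusive in BOUND_PATTERNS:
        match = pattern.search(description)
        if match:
            return parse_version(match.group(1)), inclusive
    return None


def is_affected(installed, bound):
    upper, inclusive = bound
    return installed <= upper if inclusive else installed < upper


def load_records(csv_text):
    # csv.DictReader honours RFC 4180 quoting, so the newline inside a quoted
    # description stays inside that field instead of starting a bogus record.
    return list(csv.DictReader(io.StringIO(csv_text)))


def triage(csv_text, installed_version):
    """Return (hits, needs_review): hits are (cve, score, severity) tuples for
    records whose affected range contains installed_version, highest CVSS
    first; needs_review lists records whose range could not be parsed."""
    installed = parse_version(installed_version)
    hits, needs_review = [], []
    for row in load_records(csv_text):
        bound = affected_bound(row["description"])
        if bound is None:
            needs_review.append(row["cve"])  # never silently drop a record
            continue
        if is_affected(installed, bound):
            hits.append((row["cve"], float(row["score"]), row["severity"]))
    hits.sort(key=lambda hit: hit[1], reverse=True)  # stable: ties keep file order
    return hits, needs_review


def lowest_unlisted_version(csv_text):
    """Smallest version above every parsed affected range. Derived purely from
    the ranges in the data; it does not assert that such a release exists."""
    ceilings = []
    for row in load_records(csv_text):
        bound = affected_bound(row["description"])
        if bound is None:
            continue
        upper, inclusive = bound
        ceilings.append(upper[:-1] + (upper[-1] + 1,) if inclusive else upper)
    return ".".join(str(part) for part in max(ceilings))


if __name__ == "__main__":
    for version in ("1.0.32", "1.0.33", "1.0.34"):
        hits, review = triage(SAMPLE_CSV, version)
        print(version, [cve for cve, _, _ in hits], "needs review:", review)
    print("lowest version not listed as affected:", lowest_unlisted_version(SAMPLE_CSV))
```

Two details matter in practice: version strings must be compared as integer tuples (as strings, "1.0.9" sorts after "1.0.32"), and a record whose range the regexes cannot parse is reported for manual review rather than dropped, since a silent miss in vulnerability triage is the worst outcome. Note that CVE-2022-43418's range ends one version later than the other three, which is why 1.0.33 is still flagged.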