cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-24457,https://securityvulnerability.io/vulnerability/CVE-2023-24457,Cross-Site Request Forgery Vulnerability in Jenkins Keycloak Authentication Plugin,"A CSRF vulnerability exists in the Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier, allowing malicious actors to exploit user sessions. By persuading victims to execute a crafted request while they are logged in, attackers can gain unauthorized access to user accounts, jeopardizing sensitive information and user privacy.",Jenkins,Jenkins Keycloak Authentication Plugin,6.5,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24456,https://securityvulnerability.io/vulnerability/CVE-2023-24456,Session Management Flaw in Jenkins Keycloak Authentication Plugin,"The Jenkins Keycloak Authentication Plugin before version 2.3.0 fails to invalidate the previous session upon a new login. This design oversight could allow attackers to exploit active sessions, potentially leading to unauthorized access or account compromise.",Jenkins,Jenkins Keycloak Authentication Plugin,9.8,CRITICAL,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0