cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27211,https://securityvulnerability.io/vulnerability/CVE-2022-27211,Insufficient Permission Check in Jenkins Kubernetes Continuous Deploy Plugin,"A lack of proper permission verification in versions of Jenkins Kubernetes Continuous Deploy Plugin prior to 2.3.1 enables users with Overall/Read permissions to connect to arbitrary SSH servers using credentials that can be manipulated by the attacker. This vulnerability allows unauthorized access by capturing sensitive credentials stored in Jenkins, exposing systems to potential exploitation.",Jenkins,Jenkins Kubernetes Continuous Deploy Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-15T16:46:01.000Z,0
CVE-2022-27210,https://securityvulnerability.io/vulnerability/CVE-2022-27210,CSRF Vulnerability in Kubernetes Continuous Deploy Plugin by Jenkins,"A cross-site request forgery (CSRF) vulnerability exists in the Kubernetes Continuous Deploy Plugin for Jenkins, which could allow attackers to leverage attacker-specified credentials IDs to connect to malicious SSH servers. This vulnerability effectively enables unauthorized access to sensitive credentials stored in Jenkins, raising significant security concerns for users of the affected plugin versions. It is crucial for Jenkins users to update to the latest plugin version to mitigate potential security risks.",Jenkins,Jenkins Kubernetes Continuous Deploy Plugin,6.5,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-03-15T16:45:59.000Z,0
CVE-2022-27209,https://securityvulnerability.io/vulnerability/CVE-2022-27209,Missing Permission Check in Jenkins Kubernetes Continuous Deploy Plugin Exposes Sensitive Data,"A vulnerability exists in the Kubernetes Continuous Deploy Plugin for Jenkins whereby a missing permission check allows users with Overall/Read permissions to enumerate sensitive credential IDs stored in Jenkins. This poses a significant risk as attackers may exploit this weakness to gain insights into user credentials, potentially leading to unauthorized access and further exploitation. It is crucial for Jenkins administrators to update to the latest version of the plugin to mitigate this risk and bolster the security of their CI/CD pipeline.",Jenkins,Jenkins Kubernetes Continuous Deploy Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-15T16:45:58.000Z,0
CVE-2022-27208,https://securityvulnerability.io/vulnerability/CVE-2022-27208,File Read Vulnerability in Kubernetes Continuous Deploy Plugin by Jenkins,"The Kubernetes Continuous Deploy Plugin for Jenkins permits users with the 'Credentials/Create' permission to gain unauthorized access to arbitrary files on the Jenkins controller. This flaw could expose sensitive information and compromise the integrity of the Jenkins environment, emphasizing the importance of securing user permissions and regular audits of plugin configurations.",Jenkins,Jenkins Kubernetes Continuous Deploy Plugin,6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-03-15T16:45:56.000Z,0