cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43410,https://securityvulnerability.io/vulnerability/CVE-2022-43410,Information Disclosure Vulnerability in Jenkins Mercurial Plugin,"The Jenkins Mercurial Plugin, specifically versions 1251.va_b_121f184902 and earlier, contains a vulnerability that allows unauthorized access to information about triggered or scheduled jobs via its webhook endpoint. This flaw exposes job details to users who typically do not have permission to view that information, potentially leading to unauthorized insights into project activities and workflows.",Jenkins,Jenkins Mercurial Plugin,5.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-30948,https://securityvulnerability.io/vulnerability/CVE-2022-30948,Insufficient Access Control in Jenkins Mercurial Plugin,"The Jenkins Mercurial Plugin version 2.16 and older versions have a vulnerability that allows users who can configure pipelines to access and check out certain source control management (SCM) repositories using local file system paths. This can lead to unauthorized access to project information stored within the Jenkins controller, potentially exposing sensitive data from other projects. This vulnerability highlights the importance of secure path handling and proper access control mechanisms within CI/CD environments.",Jenkins,Jenkins Mercurial Plugin,7.5,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2022-05-17T14:06:07.000Z,0
CVE-2020-2305,https://securityvulnerability.io/vulnerability/CVE-2020-2305,,Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,Jenkins,Jenkins Mercurial Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-11-04T14:35:39.000Z,0
CVE-2020-2306,https://securityvulnerability.io/vulnerability/CVE-2020-2306,,A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.,Jenkins,Jenkins Mercurial Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-11-04T14:35:39.000Z,0