cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-50766,https://securityvulnerability.io/vulnerability/CVE-2023-50766,Cross-Site Request Forgery Vulnerability in Jenkins Nexus Platform Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Nexus Platform Plugin, specifically in versions 3.18.0-03 and earlier. This flaw allows attackers to manipulate user requests to send malicious HTTP requests to user-defined URLs, potentially leading to unauthorized actions and data manipulation. The vulnerability enables the parsing of the response as XML, which could be leveraged in further exploitations. Users of the affected versions are advised to update to secure versions as recommended in the Jenkins security advisory.",Jenkins,Jenkins Nexus Platform Plugin,8.8,HIGH,0.0006600000197067857,false,false,false,false,,false,false,2023-12-13T18:15:00.000Z,0
CVE-2023-50767,https://securityvulnerability.io/vulnerability/CVE-2023-50767,,Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.,Jenkins,Jenkins Nexus Platform Plugin,5.4,MEDIUM,0.001509999972768128,false,false,false,false,,false,false,2023-12-13T18:15:00.000Z,0
CVE-2023-50768,https://securityvulnerability.io/vulnerability/CVE-2023-50768,CSRF Vulnerability in Jenkins Nexus Platform Plugin,"A cross-site request forgery vulnerability exists in the Jenkins Nexus Platform Plugin versions 3.18.0-03 and earlier, enabling attackers to leverage manipulated requests to connect to a malicious HTTP server. By obtaining attacker-specified credential IDs through alternate methods, attackers can potentially capture sensitive credentials stored in Jenkins, leading to unauthorized access and exploitation.",Jenkins,Jenkins Nexus Platform Plugin,8.8,HIGH,0.0006600000197067857,false,false,false,false,,false,false,2023-12-13T18:15:00.000Z,0
CVE-2023-50769,https://securityvulnerability.io/vulnerability/CVE-2023-50769,,"Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Nexus Platform Plugin,4.3,MEDIUM,0.001509999972768128,false,false,false,false,,false,false,2023-12-13T18:15:00.000Z,0