cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-28673,https://securityvulnerability.io/vulnerability/CVE-2023-28673,Missing Permission Check in Jenkins OctoPerf Load Testing Plugin,"A vulnerability in the Jenkins OctoPerf Load Testing Plugin occurs due to a missing permission check. This flaw allows attackers with Overall/Read permission to enumerate the credentials IDs of stored credentials within Jenkins, potentially leading to unauthorized exposure of sensitive information.",Jenkins,Jenkins OctoPerf Load Testing Plugin Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0
CVE-2023-28674,https://securityvulnerability.io/vulnerability/CVE-2023-28674,Cross-Site Request Forgery in Jenkins OctoPerf Load Testing Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins OctoPerf Load Testing Plugin, allowing attackers to exploit previously configured OctoPerf servers by using attacker-defined credentials. This flaw could lead to unauthorized access and manipulation of user configurations, potentially compromising the integrity of the application and the data it handles.",Jenkins,Jenkins OctoPerf Load Testing Plugin Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0
CVE-2023-28671,https://securityvulnerability.io/vulnerability/CVE-2023-28671,CSRF Vulnerability in OctoPerf Load Testing Plugin for Jenkins,"The OctoPerf Load Testing Plugin for Jenkins is susceptible to a cross-site request forgery (CSRF) attack. This security flaw allows malicious actors to manipulate user sessions and connect to arbitrary URLs. By exploiting this vulnerability, attackers can use credentials obtained through other means, potentially leading to unauthorized access and credential compromise within Jenkins. Users are advised to upgrade to the latest version of the plugin to mitigate risks associated with this vulnerability.",Jenkins,Jenkins OctoPerf Load Testing Plugin Plugin,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0
CVE-2023-28672,https://securityvulnerability.io/vulnerability/CVE-2023-28672,Permission Check Flaw in Jenkins OctoPerf Load Testing Plugin by Jenkins,"The Jenkins OctoPerf Load Testing Plugin versions 4.5.1 and earlier contain a vulnerability where a connection test HTTP endpoint does not enforce proper permission checks. This allows users with Overall/Read permission to connect to arbitrary URLs specified by an attacker, utilizing attacker-chosen credential IDs that may have been obtained through different means. As a result, this flaw can lead to unauthorized access to sensitive credentials stored within the Jenkins environment, posing significant security risks.",Jenkins,Jenkins OctoPerf Load Testing Plugin Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0
CVE-2023-28675,https://securityvulnerability.io/vulnerability/CVE-2023-28675,Missing Permission Check in Jenkins OctoPerf Load Testing Plugin Allows Unauthorized Server Access,A security flaw exists in the Jenkins OctoPerf Load Testing Plugin that allows unauthorized users to connect to a configured OctoPerf server using credentials they specify. This missing permission check could potentially expose sensitive data or lead to further exploitation of the affected system.,Jenkins,Jenkins OctoPerf Load Testing Plugin Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0