cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-36909,https://securityvulnerability.io/vulnerability/CVE-2022-36909,Missing Permission Check in Jenkins OpenShift Deployer Plugin,"The Jenkins OpenShift Deployer Plugin has a vulnerability that allows unauthorized users with Overall/Read permissions to check for the existence of a specified file path on the Jenkins controller's file system. This issue also enables attackers to upload SSH key files to any URL defined by them, posing a significant security risk to users. Ensuring proper permission checks is crucial to prevent unauthorized access and potential exploitation.",Jenkins,Jenkins Openshift Deployer Plugin,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-27T14:26:41.000Z,0
CVE-2022-36908,https://securityvulnerability.io/vulnerability/CVE-2022-36908,Cross-Site Request Forgery in Jenkins OpenShift Deployer Plugin,"The Jenkins OpenShift Deployer Plugin is susceptible to a cross-site request forgery (CSRF) vulnerability that enables attackers to potentially check for the existence of specified file paths on the Jenkins controller file system. Moreover, attackers can exploit this vulnerability to upload SSH key files from the Jenkins controller file system to a maliciously designated URL. This can lead to unauthorized access and manipulation of server resources. Users of affected versions are strongly advised to update to the latest version to mitigate risks.",Jenkins,Jenkins Openshift Deployer Plugin,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-27T14:26:31.000Z,0
CVE-2022-36907,https://securityvulnerability.io/vulnerability/CVE-2022-36907,Missing Permission Check in Jenkins OpenShift Deployer Plugin,"The Jenkins OpenShift Deployer Plugin has a significant vulnerability due to a missing permission check, allowing attackers with Overall/Read permission to establish a connection to an arbitrary URL specified by the attacker. This issue permits the use of attacker-defined usernames and passwords, potentially compromising system security and exposing sensitive information. It is crucial for Jenkins users to review their plugin configurations and apply recommended updates to mitigate possible exploits.",Jenkins,Jenkins Openshift Deployer Plugin,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-27T14:26:18.000Z,0
CVE-2022-36906,https://securityvulnerability.io/vulnerability/CVE-2022-36906,CSRF Vulnerability in Jenkins OpenShift Deployer Plugin,"A cross-site request forgery vulnerability has been identified in the Jenkins OpenShift Deployer Plugin (v1.2.0 and prior). This flaw enables malicious actors to send unauthorized requests to an attacker-defined endpoint, allowing them to connect using credentials specified by the attacker. This potentially exposes sensitive information and undermines the integrity of the user’s session, making it critical for users to update to the latest version to mitigate risks.",Jenkins,Jenkins Openshift Deployer Plugin,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-27T14:26:07.000Z,0
CVE-2020-2155,https://securityvulnerability.io/vulnerability/CVE-2020-2155,,"Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.",Jenkins,Jenkins Openshift Deployer Plugin,5.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2020-03-09T15:01:05.000Z,0
CVE-2019-1003080,https://securityvulnerability.io/vulnerability/CVE-2019-1003080,,A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.,Jenkins,Jenkins Openshift Deployer Plugin,6.5,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2019-04-04T15:38:48.000Z,0
CVE-2019-1003081,https://securityvulnerability.io/vulnerability/CVE-2019-1003081,,A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,Jenkins,Jenkins Openshift Deployer Plugin,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2019-04-04T15:38:48.000Z,0