cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37949,https://securityvulnerability.io/vulnerability/CVE-2023-37949,Missing Permission Check in Jenkins Orka by MacStadium Plugin Affects Security,"A vulnerability has been identified in the Jenkins Orka by MacStadium Plugin, where a missing permission check allows users with Overall/Read permission to connect to arbitrary URLs with credentials specified by the attacker. This flaw can lead to the unauthorized disclosure of sensitive credentials stored in Jenkins, potentially compromising the security of the entire Jenkins environment. It is essential for users of the affected versions to assess their risk and apply necessary security measures.",Jenkins,Jenkins Orka By Macstadium Plugin,7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-07-12T16:15:00.000Z,0
CVE-2023-24432,https://securityvulnerability.io/vulnerability/CVE-2023-24432,Cross-Site Request Forgery Vulnerability in Jenkins Orka by MacStadium Plugin,"The Jenkins Orka by MacStadium Plugin is susceptible to a cross-site request forgery vulnerability, which could allow an attacker to exploit user sessions. By targeting an HTTP server indicated by the attacker and utilizing credentials acquired through other means, this vulnerability poses a significant risk of unauthorized access to sensitive credentials stored in Jenkins. Proper security measures must be put in place to mitigate the potential consequences of such exploitation.",Jenkins,Jenkins Orka by MacStadium Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24433,https://securityvulnerability.io/vulnerability/CVE-2023-24433,Permission Check Flaw in Jenkins Orka by MacStadium Plugin Affects User Credentials,"The Jenkins Orka by MacStadium Plugin has a vulnerability that stems from missing permission checks. This flaw permits attackers with Overall/Read permissions to connect to a malicious HTTP server using compromised credential IDs, which they acquire through alternate means. Consequently, this allows attackers to capture credentials stored within Jenkins, posing a significant risk to the integrity and confidentiality of user data.",Jenkins,Jenkins Orka by MacStadium Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24431,https://securityvulnerability.io/vulnerability/CVE-2023-24431,Missing Permission Check in Jenkins Orka by MacStadium Plugin,"The Jenkins Orka by MacStadium Plugin prior to version 1.31 contains a security flaw where permission checks are inadequately implemented. This oversight allows attackers who possess Overall/Read permissions to exploit the vulnerability, enabling them to enumerate credential IDs of sensitive information stored in Jenkins. This could lead to unauthorized access to critical credentials, compromising the security posture of affected Jenkins instances.",Jenkins,Jenkins Orka by MacStadium Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0