cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-25762,https://securityvulnerability.io/vulnerability/CVE-2023-25762,Stored Cross-Site Scripting Vulnerability in Jenkins Pipeline Build Step Plugin,"The Pipeline Build Step Plugin for Jenkins versions up to 2.18 contains a vulnerability that allows for stored cross-site scripting (XSS). This occurs because job names are not properly escaped in a JavaScript expression utilized within the Pipeline Snippet Generator. Attackers with control over job names can exploit this flaw, potentially leading to unauthorized script execution in the context of other users' sessions.",Jenkins,Jenkins Pipeline: Build Step Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2022-25184,https://securityvulnerability.io/vulnerability/CVE-2022-25184,Jenkins Pipeline Build Step Plugin Vulnerability Exposes Password Parameters,"The Jenkins Pipeline: Build Step Plugin versions 2.15 and earlier are affected by a vulnerability that allows users with Item/Read permissions to expose default password parameter values. This occurs during the generation of pipeline scripts using the Pipeline Snippet Generator. Attackers can exploit this weakness to access sensitive information unintentionally revealed in the scripting process, leading to potential unauthorized access to secured systems.",Jenkins,Jenkins Pipeline: Build Step Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:11:08.000Z,0