cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-25175,https://securityvulnerability.io/vulnerability/CVE-2022-25175,Vulnerable Jenkins Plugin Allows Arbitrary OS Command Execution,"The Jenkins Pipeline Multibranch Plugin, when configured improperly, exposes a critical security flaw where it uses the same checkout directories for distinct SCMs in the readTrusted step. This vulnerability allows attackers, who possess the Item/Configure permissions, to execute arbitrary operating system commands on the Jenkins controller through specially crafted SCM contents. It emphasizes the importance of proper configuration and user permissions in maintaining the security posture of Jenkins environments.",Jenkins,Jenkins Pipeline: Multibranch Plugin,8.8,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-02-15T00:00:00.000Z,0
CVE-2022-25179,https://securityvulnerability.io/vulnerability/CVE-2022-25179,Jenkins Pipeline Multibranch Plugin Vulnerability Exposes Sensitive Files,"The Jenkins Pipeline Multibranch Plugin allows the reading of files from locations outside the designated checkout directory. By following symbolic links, it enables users with appropriately configured Pipeline permissions to access arbitrary files on the Jenkins controller file system. This flaw poses a significant risk by potentially exposing sensitive information within system files and environments.",Jenkins,Jenkins Pipeline: Multibranch Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T00:00:00.000Z,0