cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-28158,https://securityvulnerability.io/vulnerability/CVE-2022-28158,Missing Permission Check in Jenkins Plugin Allows Enumeration of Credential IDs,"The Jenkins Pipeline: Phoenix AutoTest Plugin prior to version 1.4 is susceptible to a vulnerability due to a missing permission check. This flaw allows users with Overall/Read permission to access and enumerate credential IDs stored within Jenkins. Attackers could exploit this vulnerability to gain insights into sensitive credential information, potentially leading to further attacks or unauthorized access.",Jenkins,Jenkins Pipeline: Phoenix Autotest Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-29T12:31:24.000Z,0
CVE-2022-28157,https://securityvulnerability.io/vulnerability/CVE-2022-28157,Arbitrary File Upload Vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin,"The Phoenix AutoTest Plugin for Jenkins, version 1.3 and earlier, has a security weakness that permits users with Item/Configure permissions to upload arbitrary files from the Jenkins controller to a remote FTP server specified by an attacker. This capability can be exploited, potentially leading to unauthorized access and manipulation of sensitive files within the Jenkins environment. It is crucial for administrators to apply the necessary updates and implement robust security practices to mitigate the risk associated with this vulnerability.",Jenkins,Jenkins Pipeline: Phoenix Autotest Plugin,6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2022-03-29T12:31:22.000Z,0
CVE-2022-28156,https://securityvulnerability.io/vulnerability/CVE-2022-28156,File Copy Vulnerability in Jenkins Pipeline Phoenix AutoTest Plugin,"The Phoenix AutoTest Plugin for Jenkins, specifically version 1.3 and earlier, contains a significant vulnerability that enables users with Item/Configure permissions to copy arbitrary files and directories from the Jenkins controller to the agent workspace. This flaw can lead to unauthorized access to sensitive files, posing a serious risk to the integrity and confidentiality of the Jenkins environment. It is crucial for users to review their plugin versions and apply necessary updates to mitigate this issue effectively.",Jenkins,Jenkins Pipeline: Phoenix Autotest Plugin,6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-03-29T12:31:21.000Z,0
CVE-2022-28155,https://securityvulnerability.io/vulnerability/CVE-2022-28155,Jenkins Pipeline Plugin Vulnerability Exposes XML Parsing Risk,The Phoenix AutoTest Plugin for Jenkins prior to version 1.4 contains a vulnerability that allows an attacker to exploit XML external entity (XXE) parsing. This can lead to the exposure of sensitive information and unintended interactions with internal systems. Users are encouraged to update to the latest version to mitigate potential risks associated with this vulnerability.,Jenkins,Jenkins Pipeline: Phoenix Autotest Plugin,8.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-29T12:31:19.000Z,0