cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-24447,https://securityvulnerability.io/vulnerability/CVE-2023-24447,Cross-Site Request Forgery Vulnerability in Jenkins RabbitMQ Consumer Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins RabbitMQ Consumer Plugin versions 2.8 and earlier. This vulnerability could allow attackers to leverage an attacker-specified AMQP(S) URL, connecting with an attacker-defined username and password, potentially compromising the application. Users are urged to update to the latest version to mitigate this security risk.",Jenkins,Jenkins RabbitMQ Consumer Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24448,https://securityvulnerability.io/vulnerability/CVE-2023-24448,Missing Permission Check in Jenkins RabbitMQ Consumer Plugin,"A significant security concern exists in the RabbitMQ Consumer Plugin for Jenkins, where a missing permission check allows users with Overall/Read permissions to connect to an external AMQP(S) URL. This vulnerability enables attackers to specify both the URL and the credentials (username and password), potentially leading to unauthorized access to sensitive information. Users are urged to upgrade to the latest version to mitigate this risk.",Jenkins,Jenkins RabbitMQ Consumer Plugin,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0