cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-36904,https://securityvulnerability.io/vulnerability/CVE-2022-36904,Inadequate Permission Check in Jenkins Repository Connector Plugin,"The Jenkins Repository Connector Plugin versions 2.2.0 and earlier lack a proper permission check during form validation, enabling attackers with Overall/Read permissions to probe the Jenkins controller's file system for the presence of specified files. This vulnerability could lead to unauthorized access to sensitive information, compromising the security of Jenkins environments. Users are encouraged to upgrade to the latest version to mitigate this risk. For more information, refer to the [Jenkins security advisory](https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29).",Jenkins,Jenkins Repository Connector Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-27T14:25:41.000Z,0
CVE-2022-36903,https://securityvulnerability.io/vulnerability/CVE-2022-36903,Missing Permission Check in Jenkins Repository Connector Plugin,"A vulnerability exists in the Jenkins Repository Connector Plugin due to a missing permission check, which can be exploited by users with Overall/Read permission. This allows attackers to enumerate the IDs of credentials stored in Jenkins, potentially exposing sensitive information and compromising security measures. It is crucial for users to review their plugin versions and apply necessary updates to safeguard against this vulnerability.",Jenkins,Jenkins Repository Connector Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-27T14:25:27.000Z,0
CVE-2022-34195,https://securityvulnerability.io/vulnerability/CVE-2022-34195,Stored Cross-Site Scripting Vulnerability in Jenkins Repository Connector Plugin,"The Jenkins Repository Connector Plugin, up to version 2.2.0, is susceptible to a stored cross-site scripting (XSS) vulnerability due to failure in escaping the name and description of Maven Repository Artifact parameters, particularly on views where these parameters are displayed. This vulnerability allows attackers with Item/Configure permission to execute malicious scripts, potentially compromising user data and application integrity. It is crucial for users to apply appropriate updates and follow security recommendations to mitigate this risk.",Jenkins,Jenkins Repository Connector Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2021-21618,https://securityvulnerability.io/vulnerability/CVE-2021-21618,,"Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",Jenkins,Jenkins Repository Connector Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-02-24T15:05:28.000Z,0
CVE-2020-2149,https://securityvulnerability.io/vulnerability/CVE-2020-2149,,"Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.",Jenkins,Jenkins Repository Connector Plugin,5.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2020-03-09T15:01:02.000Z,0
CVE-2019-1003038,https://securityvulnerability.io/vulnerability/CVE-2019-1003038,,"An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.",Jenkins,Jenkins Repository Connector Plugin,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-03-08T21:00:00.000Z,0