cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-41937,https://securityvulnerability.io/vulnerability/CVE-2023-41937,Vulnerability in Jenkins Bitbucket Plugin Exposes Credentials,"The Jenkins Bitbucket Push and Pull Request Plugin, versions 2.4.0 to 2.8.3, improperly trusts values in webhook payloads. This flaw allows attackers to send specially crafted webhook requests that can deceive the plugin into connecting to arbitrary URLs, leading to the exposure of sensitive Bitbucket credentials stored within Jenkins. This vulnerability emphasizes the need for stringent validation of incoming data and robust security measures to protect critical user information.",Jenkins,Jenkins Bitbucket Push And Pull Request Plugin,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0
CVE-2023-30521,https://securityvulnerability.io/vulnerability/CVE-2023-30521,Unauthorized Build Trigger in Jenkins Assembla Merge Request Builder Plugin,"The Jenkins Assembla merge request builder Plugin is susceptible to a vulnerability where an inadequate permission verification exists, allowing unauthenticated attackers to initiate builds for jobs linked to repositories that they specify. This could lead to unintended operations within the Jenkins environment, raising concerns about job integrity and security.",Jenkins,Jenkins Assembla merge request builder Plugin,5.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-04-12T18:15:00.000Z,0
CVE-2023-24442,https://securityvulnerability.io/vulnerability/CVE-2023-24442,Sensitive Credential Exposure in Jenkins GitHub Pull Request Coverage Status Plugin,"The Jenkins GitHub Pull Request Coverage Status Plugin versions prior to 2.2.0 improperly stores sensitive information, including GitHub Personal Access Tokens, Sonar access tokens, and Sonar passwords, in an unencrypted format within the global configuration file on the Jenkins controller. This security oversight allows users with access to the Jenkins controller's file system to potentially view this sensitive information, posing significant risks to the integrity and confidentiality of affected projects.",Jenkins,Jenkins GitHub Pull Request Coverage Status Plugin,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24434,https://securityvulnerability.io/vulnerability/CVE-2023-24434,Cross-Site Request Forgery Vulnerability in Jenkins GitHub Pull Request Builder Plugin,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the Jenkins GitHub Pull Request Builder Plugin, versions 1.42.2 and earlier. This vulnerability permits attackers to send unauthorized requests that link to an attacker-specified URL, using attacker-controlled credentials. By leveraging this exploit, an attacker can gain access to sensitive Jenkins credentials stored within the system, compromising the security of automated workflows.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24435,https://securityvulnerability.io/vulnerability/CVE-2023-24435,Missing Permission Check in Jenkins GitHub Pull Request Builder Plugin,"A missing permission check in Jenkins' GitHub Pull Request Builder Plugin allows users with Overall/Read permissions to connect to unauthorized URLs. This vulnerability can be exploited by attackers to gain access to compromised credentials by using credential IDs that they obtain through various means, exposing sensitive data stored within Jenkins.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24436,https://securityvulnerability.io/vulnerability/CVE-2023-24436,Unauthorized Credential Enumeration in Jenkins GitHub Pull Request Builder Plugin,"The Jenkins GitHub Pull Request Builder Plugin suffers from a security flaw that allows users with Overall/Read permissions to access and enumerate the IDs of stored credentials in Jenkins. This missing permission verification creates an avenue for attackers to exploit sensitive information, posing a significant risk to user security and data integrity. Keeping the plugin updated and reviewing user permissions are crucial steps to mitigate this vulnerability.",Jenkins,Jenkins GitHub Pull Request Builder Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2022-36901,https://securityvulnerability.io/vulnerability/CVE-2022-36901,Authentication Bypass in Jenkins HTTP Request Plugin by CloudBees,"The Jenkins HTTP Request Plugin prior to version 1.16 fails to properly secure HTTP Request passwords by storing them unencrypted in its global configuration file. This oversight allows unauthorized users with access to the Jenkins controller file system to view sensitive credentials, potentially leading to further exploitation of the Jenkins environment.",Jenkins,Jenkins Http Request Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-07-27T14:25:00.000Z,0
CVE-2022-34815,https://securityvulnerability.io/vulnerability/CVE-2022-34815,Cross-Site Request Forgery Vulnerability in Jenkins Request Rename Or Delete Plugin,"A cross-site request forgery (CSRF) vulnerability in the Jenkins Request Rename Or Delete Plugin enables attackers to manipulate pending requests. This flaw allows unauthorized users to rename or delete existing jobs without proper validation. By exploiting this vulnerability, an attacker could potentially disrupt essential workflows, posing a risk to the integrity of Jenkins-managed operations. For more information, refer to the Jenkins security advisory.",Jenkins,Jenkins Request Rename Or Delete Plugin,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-06-30T17:49:28.000Z,0
CVE-2022-34814,https://securityvulnerability.io/vulnerability/CVE-2022-34814,Unauthorized Access in Jenkins Request Rename Or Delete Plugin,"The Request Rename Or Delete Plugin for Jenkins versions 1.1.0 and earlier contains a vulnerability where it fails to adequately validate permissions for an HTTP endpoint. This oversight permits users with Overall/Read access to access restricted administrative configuration pages, potentially compromising sensitive information about pending requests.",Jenkins,Jenkins Request Rename Or Delete Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-30T17:49:22.000Z,0
CVE-2022-34782,https://securityvulnerability.io/vulnerability/CVE-2022-34782,Improper Permission Check in Jenkins Requests-Plugin Allows Unauthorized Access,"An improper permission check in the Jenkins Requests-Plugin version 2.2.16 and earlier permits attackers with Overall/Read permission to access and view the list of pending requests. This flaw could expose sensitive information to unauthorized users, highlighting the crucial need for ensuring robust permission settings in applications.",Jenkins,Jenkins Requests-plugin Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-30T17:46:21.000Z,0
CVE-2021-21676,https://securityvulnerability.io/vulnerability/CVE-2021-21676,,"Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.",Jenkins,Jenkins Requests-plugin Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-30T16:45:25.000Z,0
CVE-2021-21675,https://securityvulnerability.io/vulnerability/CVE-2021-21675,,A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.,Jenkins,Jenkins Requests-plugin Plugin,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2021-06-30T16:45:24.000Z,0
CVE-2021-21674,https://securityvulnerability.io/vulnerability/CVE-2021-21674,,A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.,Jenkins,Jenkins Requests-plugin Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-30T16:45:22.000Z,0