cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-34802,https://securityvulnerability.io/vulnerability/CVE-2022-34802,Insecure Storage of Credentials in Jenkins RocketChat Notifier Plugin,"The Jenkins RocketChat Notifier Plugin prior to version 1.5.3 stores sensitive information, including login passwords and webhook tokens, in an unencrypted format within its global configuration file on the Jenkins controller. This poses a significant risk as the stored credentials can be easily accessed by users who have filesystem access to the Jenkins controller, potentially compromising the security of the system and the integrity of the communication with the RocketChat service.",Jenkins,Jenkins Rocketchat Notifier Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-30T17:48:14.000Z,0
CVE-2022-28139,https://securityvulnerability.io/vulnerability/CVE-2022-28139,Permission Check Flaw in Jenkins RocketChat Notifier Plugin,"A flaw in the Jenkins RocketChat Notifier Plugin allows users with Overall/Read permission to exploit a missing permission check. This vulnerability enables attackers to connect to arbitrary URLs specified by them, using their own credentials, thereby potentially leading to unauthorized access and disclosure of sensitive information.",Jenkins,Jenkins Rocketchat Notifier Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-29T12:30:53.000Z,0
CVE-2022-28138,https://securityvulnerability.io/vulnerability/CVE-2022-28138,CSRF Vulnerability in Jenkins RocketChat Notifier Plugin,"A cross-site request forgery vulnerability in the Jenkins RocketChat Notifier Plugin allows attackers to forge requests that connect to an attacker-specified URL using credentials defined by the attacker. This poses a serious risk as it enables unauthorized actions executed within the user context, which can lead to further exploitation or compromise of sensitive information.",Jenkins,Jenkins Rocketchat Notifier Plugin,4.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-03-29T12:30:51.000Z,0