cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-41234,https://securityvulnerability.io/vulnerability/CVE-2022-41234,Access Control Flaw in Rundeck Plugin for Jenkins,"The Rundeck Plugin for Jenkins prior to version 3.6.12 has a significant access control vulnerability that exposes the /plugin/rundeck/webhook/ endpoint. This flaw allows users who possess Overall/Read permissions to trigger jobs that are intended to be securely activated via Rundeck. As a result, unauthorized users can execute sensitive jobs, which could lead to potential data breaches or disruptions in service. It is crucial for users to upgrade to the latest version to mitigate this risk and enhance overall security.",Jenkins,Jenkins Rundeck Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-09-21T15:45:54.000Z,0
CVE-2022-41233,https://securityvulnerability.io/vulnerability/CVE-2022-41233,Jenkins Rundeck Plugin Access Control Vulnerability,"The Jenkins Rundeck Plugin prior to version 3.6.12 lacks proper Run/Artifacts permission checks in various HTTP endpoints. This insufficient validation allows users with only Item/Read permissions to access sensitive information about build artifacts of a job, given that the optional Run/Artifacts permissions are enabled. This oversight poses a notable risk as it could potentially expose sensitive data to unauthorized users.",Jenkins,Jenkins Rundeck Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-09-21T15:45:53.000Z,0
CVE-2022-30956,https://securityvulnerability.io/vulnerability/CVE-2022-30956,Stored Cross-Site Scripting Vulnerability in Jenkins Rundeck Plugin,"The Jenkins Rundeck Plugin versions up to 3.6.10 are susceptible to a stored cross-site scripting vulnerability due to inadequate restrictions on URL schemes within Rundeck webhook submissions. This flaw allows attackers to craft malicious payloads that, when sent via webhooks, can execute arbitrary scripts in the context of the affected user's session, potentially leading to unauthorized data access and other security issues.",Jenkins,Jenkins Rundeck Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-05-17T14:06:25.000Z,0
CVE-2020-2144,https://securityvulnerability.io/vulnerability/CVE-2020-2144,,Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,Jenkins,Jenkins Rundeck Plugin,7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-03-09T15:01:00.000Z,0
CVE-2019-16556,https://securityvulnerability.io/vulnerability/CVE-2019-16556,,"Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",Jenkins,Jenkins Rundeck Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-12-17T14:40:48.000Z,0
CVE-2019-10454,https://securityvulnerability.io/vulnerability/CVE-2019-10454,,A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.,Jenkins,Jenkins Rundeck Plugin,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2019-10-16T13:00:53.000Z,0
CVE-2019-10455,https://securityvulnerability.io/vulnerability/CVE-2019-10455,,A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.,Jenkins,Jenkins Rundeck Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-16T13:00:53.000Z,0