cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-41250,https://securityvulnerability.io/vulnerability/CVE-2022-41250,Missing Permission Check in Jenkins SCM HttpClient Plugin,"The SCM HttpClient Plugin for Jenkins is susceptible to a significant vulnerability due to a missing permission check. This flaw allows users with Overall/Read permissions to connect to potentially malicious HTTP servers. By utilizing attacker-specified credential IDs, which they may acquire through alternative methods, an attacker can capture sensitive credentials stored in Jenkins. This exposure can lead to unauthorized access and further exploitation if not addressed promptly.",Jenkins,Jenkins Scm Httpclient Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-09-21T15:46:08.000Z,0
CVE-2022-41249,https://securityvulnerability.io/vulnerability/CVE-2022-41249,Cross-Site Request Forgery Vulnerability in Jenkins SCM HttpClient Plugin,"The Jenkins SCM HttpClient Plugin suffers from a Cross-Site Request Forgery vulnerability that allows attackers to send unauthorized HTTP requests using the credentials of authenticated users. By exploiting this flaw, an attacker can redirect requests to a malicious HTTP server, enabling them to capture sensitive credentials stored within Jenkins. This risk particularly affects versions 1.5 and earlier of the SCM HttpClient Plugin, emphasizing the importance of applying security updates to mitigate the threat.",Jenkins,Jenkins Scm Httpclient Plugin,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2022-09-21T15:46:07.000Z,0