cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-24429,https://securityvulnerability.io/vulnerability/CVE-2023-24429,File Path Parsing Oversight in Jenkins Semantic Versioning Plugin,"The Jenkins Semantic Versioning Plugin enables unauthorized control over the execution of tasks by failing to restrict the execution of controller/agent messages. This vulnerability arises as a result of insufficient restrictions on the file paths that can be parsed. Attackers controlling agent processes can exploit this weakness, prompting Jenkins to parse specially crafted files, allowing extraction of sensitive secrets from the Jenkins controller. This flaw is critical and poses severe risks related to server-side request forgery, highlighting the necessity for immediate action.",Jenkins,Jenkins Semantic Versioning Plugin,9.8,CRITICAL,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2023-24430,https://securityvulnerability.io/vulnerability/CVE-2023-24430,XML External Entity Attack in Jenkins Semantic Versioning Plugin - Jenkins,"The Jenkins Semantic Versioning Plugin version 1.14 and prior is vulnerable to XML External Entity (XXE) attacks due to improper configuration of its XML parser. This flaw can allow attackers to exploit the system by using specially crafted XML input, potentially leading to exposure of sensitive data or other security breaches. Users are strongly advised to update to the latest version to mitigate this risk and enhance overall security.",Jenkins,Jenkins Semantic Versioning Plugin,9.8,CRITICAL,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2022-27201,https://securityvulnerability.io/vulnerability/CVE-2022-27201,File Path Parsing Vulnerability in Jenkins Semantic Versioning Plugin by CloudBees,"The Jenkins Semantic Versioning Plugin versions up to 1.13 allow unrestricted execution of controller/agent messages. This oversight permits potentially malicious agents to manipulate the file path that Jenkins parses, potentially leading to the extraction of sensitive data from the Jenkins controller or enabling server-side request forgery. Organizations using this plugin should upgrade to a newer version to mitigate risks associated with this vulnerability.",Jenkins,Jenkins Semantic Versioning Plugin,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-03-15T16:45:46.000Z,0