cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-30972,https://securityvulnerability.io/vulnerability/CVE-2022-30972,Cross-Site Request Forgery Vulnerability in Jenkins Storable Configs Plugin,"The Jenkins Storable Configs Plugin prior to version 1.1 is susceptible to a cross-site request forgery (CSRF) vulnerability. This weakness enables attackers to exploit the plugin's handling of local XML files, specifically allowing for unauthorized parsing of these files. By leveraging external entities within the XML, an attacker can extract sensitive information from the Jenkins controller or perform unauthorized server-side requests. As a result, this vulnerability poses a threat to the confidentiality and integrity of data managed by Jenkins.",Jenkins,Jenkins Storable Configs Plugin,8.8,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-05-17T14:06:59.000Z,0
CVE-2022-30971,https://securityvulnerability.io/vulnerability/CVE-2022-30971,XML External Entity Injection Vulnerability in Jenkins Storable Configs Plugin,"The Jenkins Storable Configs Plugin 1.0 and earlier is susceptible to XML external entity (XXE) attacks due to improper configuration of its XML parser. This oversight allows an attacker to exploit the plugin by sending crafted XML data, which could lead to unauthorized access to sensitive information or server-side request forgery. Users are advised to upgrade to the latest plugin version to mitigate this risk and enhance their security posture. For more details, refer to the official advisory.",Jenkins,Jenkins Storable Configs Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-05-17T14:06:57.000Z,0
CVE-2020-2278,https://securityvulnerability.io/vulnerability/CVE-2020-2278,,"Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.",Jenkins,Jenkins Storable Configs Plugin,6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-09-16T13:20:50.000Z,0
CVE-2020-2277,https://securityvulnerability.io/vulnerability/CVE-2020-2277,,Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.,Jenkins,Jenkins Storable Configs Plugin,6.5,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2020-09-16T13:20:49.000Z,0