cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-3315,https://securityvulnerability.io/vulnerability/CVE-2023-3315,Missing Permission Checks in Jenkins Team Concert Plugin by Jenkins,"The Jenkins Team Concert Plugin prior to version 2.4.1 contains a security flaw due to missing permission checks. This vulnerability permits attackers with Overall/Read permission to probe for the existence of a file path on the Jenkins controller's file system at their discretion. Such exposure can lead to unauthorized data access, thereby undermining the integrity and security of the Jenkins installation. Users are advised to update to the latest version to mitigate this risk.",Jenkins,Jenkins Team Concert Plugin,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-06-19T21:15:00.000Z,0
CVE-2019-16567,https://securityvulnerability.io/vulnerability/CVE-2019-16567,,A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,Jenkins,Jenkins Team Concert Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-12-17T14:40:53.000Z,0
CVE-2019-16565,https://securityvulnerability.io/vulnerability/CVE-2019-16565,,"A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Team Concert Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2019-12-17T14:40:52.000Z,0
CVE-2019-16566,https://securityvulnerability.io/vulnerability/CVE-2019-16566,,"A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Team Concert Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-12-17T14:40:52.000Z,0