cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37955,https://securityvulnerability.io/vulnerability/CVE-2023-37955,Cross-Site Request Forgery Vulnerability in Jenkins Test Results Aggregator Plugin,The Jenkins Test Results Aggregator Plugin is susceptible to a cross-site request forgery (CSRF) vulnerability that enables attackers to initiate actions on behalf of a user without their consent. This vulnerability allows an attacker to send crafted requests that could compel the Jenkins server to connect to malicious URLs utilizing compromised user credentials. This could potentially expose sensitive systems once the attacker gains access through unauthorized means. Users are strongly advised to upgrade to the latest versions of the plugin to mitigate this risk.,Jenkins,Jenkins Test Results Aggregator Plugin,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-07-12T16:15:00.000Z,0
CVE-2023-37956,https://securityvulnerability.io/vulnerability/CVE-2023-37956,Missing Permission Check in Jenkins Test Results Aggregator Plugin,"A vulnerability in the Jenkins Test Results Aggregator Plugin version 1.2.13 and earlier enables attackers with Overall/Read permission to exploit a missing permission check. This flaw allows them to connect to URLs specified by the attacker while using attacker-controlled credentials, potentially leading to unauthorized access and data exposure. It is crucial for users to update their plugins and review access permissions to mitigate this risk.",Jenkins,Jenkins Test Results Aggregator Plugin,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-07-12T16:15:00.000Z,0