cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-33005,https://securityvulnerability.io/vulnerability/CVE-2023-33005,Session Management Flaw in Jenkins WSO2 Oauth Plugin by Jenkins,"The Jenkins WSO2 Oauth Plugin version 1.0 and earlier contains a flaw where previous user sessions are not properly invalidated upon new logins. This potentially allows attackers to exploit these active sessions, gaining unauthorized access to user accounts and sensitive data. It is crucial for users to review the plugin's usage and consider updating to secure their environments.",Jenkins,Jenkins Wso2 Oauth Plugin,5.4,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2023-33006,https://securityvulnerability.io/vulnerability/CVE-2023-33006,Cross-Site Request Forgery in Jenkins WSO2 Oauth Plugin,"The Jenkins WSO2 Oauth Plugin, version 1.0 and earlier, is susceptible to a cross-site request forgery (CSRF) vulnerability. This weakness allows attackers to manipulate authenticated users into unintentionally logging into an account they control, compromising user credentials and sessions. Organizations using affected versions are advised to apply the latest security patches to mitigate potential exploitation.",Jenkins,Jenkins Wso2 Oauth Plugin,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2023-30527,https://securityvulnerability.io/vulnerability/CVE-2023-30527,Unencrypted Secret Storage in Jenkins WSO2 Oauth Plugin by Jenkins,"The Jenkins WSO2 Oauth Plugin, when configured with versions 1.0 and earlier, poses a significant security risk as it stores the WSO2 Oauth client secret in an unencrypted format in the global config.xml file. This file resides on the Jenkins controller, making the sensitive information accessible to any user who has access to this file system. This vulnerability underscores the importance of secure handling and storage of credentials within applications, as unauthorized users may exploit this weakness to gain access to critical components of the system.",Jenkins,Jenkins WSO2 Oauth Plugin,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-04-12T18:15:00.000Z,0
CVE-2023-30528,https://securityvulnerability.io/vulnerability/CVE-2023-30528,Sensitive Information Exposure in Jenkins WSO2 Oauth Plugin by Jenkins,"The Jenkins WSO2 Oauth Plugin prior to version 1.0 has a security flaw where the WSO2 Oauth client secret is not properly masked in the global configuration settings. This oversight can lead to situations where unauthorized users may be able to view and potentially exploit the client secret, thereby increasing the risk of attacks and compromising sensitive data.",Jenkins,Jenkins WSO2 Oauth Plugin,6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-04-12T18:15:00.000Z,0