MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2023-28676 | A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). | 8.8 | 0.29% | 2023-04-02 | 2025-02-25 |
| CVE-2023-25015 | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 6.5 | 0.13% | 2023-02-02 | 2025-03-26 |