MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2023-28676 | A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). | 8.8 | 0.29% | 2023-04-02 | 2025-02-25 |
| CVE-2023-25015 | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 6.5 | 0.13% | 2023-02-02 | 2025-03-26 |