{"vulnerability": "CVE-2022-2815", "sightings": [{"uuid": "c9d4804a-f8d3-4708-a843-2d6e62794fbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2815", "type": "seen", "source": "https://t.me/cibsecurity/56508", "content": "\u203c CVE-2022-2815 \u203c\n\nInsecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-14T16:37:05.000000Z"}, {"uuid": "085c27a4-09b4-469d-8297-b96b99342a02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28159", "type": "seen", "source": "https://t.me/cibsecurity/39724", "content": "\u203c CVE-2022-28159 \u203c\n\nJenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:12.000000Z"}, {"uuid": "9bf8d4bc-ae17-45db-adf7-aff09e4e3f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28155", "type": "seen", "source": "https://t.me/cibsecurity/39738", "content": "\u203c CVE-2022-28155 \u203c\n\nJenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:34.000000Z"}, {"uuid": "772ab57f-05a3-4466-870a-dd56f7e95dba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28154", "type": "seen", "source": "https://t.me/cibsecurity/39742", "content": "\u203c CVE-2022-28154 \u203c\n\nJenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:37.000000Z"}, {"uuid": "d340d7eb-a85c-4976-b196-4836d3abc642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28158", "type": "seen", "source": "https://t.me/cibsecurity/39729", "content": "\u203c CVE-2022-28158 \u203c\n\nA missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:19.000000Z"}, {"uuid": "2cd76786-a5f9-4c5b-a8e1-364de2583bd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28152", "type": "seen", "source": "https://t.me/cibsecurity/39730", "content": "\u203c CVE-2022-28152 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:20.000000Z"}, {"uuid": "e02d7dc9-0ea7-4690-b216-d0e933b1d64d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28153", "type": "seen", "source": "https://t.me/cibsecurity/39739", "content": "\u203c CVE-2022-28153 \u203c\n\nJenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:35.000000Z"}]}