{"vulnerability": "CVE-2022-3479", "sightings": [{"uuid": "be6fc138-0cf3-4f3e-8c74-28f19f4c4da0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34797", "type": "seen", "source": "https://t.me/ctinow/156967", "content": "https://ift.tt/LIcC0p5\nCVE-2022-34797", "creation_timestamp": "2023-12-20T13:48:44.000000Z"}, {"uuid": "25cd894d-d627-4e6d-974b-fbf70cb0832a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34797", "type": "seen", "source": "https://t.me/cibsecurity/45454", "content": "\u203c CVE-2022-34797 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:44:02.000000Z"}, {"uuid": "14cd24e8-09bc-46a5-9a0a-a098b45e6657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34791", "type": "seen", "source": "https://t.me/cibsecurity/45447", "content": "\u203c CVE-2022-34791 \u203c\n\nJenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:54.000000Z"}, {"uuid": "ede16fd6-7d3d-4d67-bbf8-d703cedf1e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3479", "type": "seen", "source": "https://t.me/ctinow/182194", "content": "https://ift.tt/SDHJtv5\nCVE-2022-3479 | Oracle JD Edwards EnterpriseOne Tools Prior to 9.2.8.0 Enterprise Infrastructure SEC denial of service", "creation_timestamp": "2024-02-09T18:56:50.000000Z"}, {"uuid": "76ac1e5c-c017-473f-a14b-7eb5237df40f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3479", "type": "seen", "source": "https://t.me/cibsecurity/51470", "content": "\u203c CVE-2022-3479 \u203c\n\nA vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T20:35:11.000000Z"}, {"uuid": "78f412a1-39a1-46eb-bc65-8b3e0db5c8b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34794", "type": "seen", "source": "https://t.me/cibsecurity/45431", "content": "\u203c CVE-2022-34794 \u203c\n\nMissing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T23:17:34.000000Z"}, {"uuid": "cf8fa9ab-afc9-40ba-ae23-bcb04c561233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34795", "type": "seen", "source": "https://t.me/cibsecurity/45442", "content": "\u203c CVE-2022-34795 \u203c\n\nJenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:48.000000Z"}, {"uuid": "60846ade-de38-4866-916f-8784012928f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34799", "type": "seen", "source": "https://t.me/cibsecurity/45438", "content": "\u203c CVE-2022-34799 \u203c\n\nJenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:38:55.000000Z"}, {"uuid": "960614df-26af-4c23-ba61-9db87996f4ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34790", "type": "seen", "source": "https://t.me/cibsecurity/45433", "content": "\u203c CVE-2022-34790 \u203c\n\nJenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:38:48.000000Z"}]}