{"vulnerability": "CVE-2022-3691", "sightings": [{"uuid": "42964ebc-b887-4a95-9d4e-55eebc6d3b0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36914", "type": "seen", "source": "https://t.me/cibsecurity/47076", "content": "\u203c CVE-2022-36914 \u203c\n\nJenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-04T11:52:11.000000Z"}, {"uuid": "223dead7-7bd7-448d-be79-909dbf0086b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36911", "type": "seen", "source": "https://t.me/cibsecurity/47102", "content": "\u203c CVE-2022-36911 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:50:02.000000Z"}, {"uuid": "e510acf0-86e4-48d1-9769-8de4a13ed94b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36918", "type": "seen", "source": "https://t.me/cibsecurity/47101", "content": "\u203c CVE-2022-36918 \u203c\n\nJenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", 
"creation_timestamp": "2022-07-27T18:50:01.000000Z"}, {"uuid": "05db4110-1714-4f02-86a2-ee394f5514ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36916", "type": "seen", "source": "https://t.me/cibsecurity/47100", "content": "\u203c CVE-2022-36916 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:50:00.000000Z"}, {"uuid": "50850775-7cbe-40bf-b0cd-444ba8783109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36910", "type": "seen", "source": "https://t.me/cibsecurity/47098", "content": "\u203c CVE-2022-36910 \u203c\n\nJenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:55.000000Z"}, {"uuid": "81df9710-0143-4bb3-8fa8-bb5676f52356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36915", "type": "seen", "source": "https://t.me/cibsecurity/47093", "content": "\u203c CVE-2022-36915 \u203c\n\nJenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
"creation_timestamp": "2022-07-27T18:49:47.000000Z"}, {"uuid": "b34f5fad-830f-45b5-bb00-834fc0d0eb24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36913", "type": "seen", "source": "https://t.me/cibsecurity/47091", "content": "\u203c CVE-2022-36913 \u203c\n\nJenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:45.000000Z"}, {"uuid": "5f43579e-416c-46c4-a9d6-4c504190dc65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36917", "type": "seen", "source": "https://t.me/cibsecurity/47079", "content": "\u203c CVE-2022-36917 \u203c\n\nA missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:46:52.000000Z"}, {"uuid": "c773961f-a18a-4b20-9d37-7296f74dc8d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36919", "type": "seen", "source": "https://t.me/cibsecurity/47085", "content": "\u203c CVE-2022-36919 \u203c\n\nA missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:37.000000Z"}, {"uuid":
"b7589fd9-4e76-4fe1-9c5d-5b9ff4e5fe22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36912", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14899", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36912\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.\n\ud83d\udccf Published: 2022-07-27T14:27:18.000Z\n\ud83d\udccf Modified: 2025-05-05T16:13:36.924Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20%281%29\n2. http://www.openwall.com/lists/oss-security/2022/07/27/1", "creation_timestamp": "2025-05-05T16:19:47.000000Z"}]}