{"vulnerability": "CVE-2023-2281", "sightings": [{"uuid": "e6cf9bcb-956c-4081-81e8-fc426af16991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22812", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lyqy4czbo5h2", "content": "", "creation_timestamp": "2025-09-13T23:56:25.891648Z"}, {"uuid": "cba55ad0-544c-461e-9282-27380f4c7eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22812", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3lyr52wqbq72f", "content": "", "creation_timestamp": "2025-09-14T01:25:08.009629Z"}, {"uuid": "21f16bf4-4278-4250-a899-9e6e7c19853c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22819", "type": "seen", "source": "https://t.me/ctinow/179584", "content": "https://ift.tt/yoKARDp\nCVE-2023-22819", "creation_timestamp": "2024-02-05T23:26:53.000000Z"}, {"uuid": "c2f0b2c4-7d1f-4c5e-a427-31383235153e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22817", "type": "seen", "source": "https://t.me/ctinow/179583", "content": "https://ift.tt/HhqP3vW\nCVE-2023-22817", "creation_timestamp": "2024-02-05T23:26:52.000000Z"}, {"uuid": "160b167b-000e-4418-9916-f040ee5dbdcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22813", "type": "seen", "source": "https://t.me/cibsecurity/63528", "content": "\u203c CVE-2023-22813 \u203c\n\nA device API endpoint was missing access controls on\u00c2\u00a0Western Digital My Cloud OS 5 Mobile App on Android, iOS, Western Digital My Cloud Home Mobile App on iOS, Android, SanDIsk ibi Mobile App on Android, iOS, Western Digital WD Cloud Mobile App on Android, iOS, Western Digital My Cloud OS 5 Web App, Western Digital My Cloud Home Web App, SanDisk ibi Web App and the Western Digital WD Web App.\u00c2\u00a0Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request.This issue affects My Cloud OS 5 Mobile App: through 4.21.0; My Cloud Home Mobile App: through 4.21.0; ibi Mobile App: through 4.21.0; WD Cloud Mobile App: through 4.21.0; My Cloud OS 5 Web App: through 4.26.0-6126; My Cloud Home Web App: through 4.26.0-6126; ibi Web App: through 4.26.0-6126; WD Web App: through 4.26.0-6126.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T02:37:55.000000Z"}, {"uuid": "2abc9e46-df5b-4368-973e-a94f2df7e6c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22814", "type": "seen", "source": "https://t.me/cibsecurity/65834", "content": "\u203c CVE-2023-22814 \u203c\n\nAn authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.This issue affects My Cloud OS 5 devices: before 5.26.202.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-01T07:15:36.000000Z"}, {"uuid": "93652788-3b19-4a71-9b7e-d2aaab58ec20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2281", "type": "seen", "source": "https://t.me/cibsecurity/62810", "content": "\u203c CVE-2023-2281 \u203c\n\nWhen archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T18:25:05.000000Z"}]}