{"vulnerability": "GHSA-CJGM-9VC9-56MX", "sightings": [{"uuid": "b0aea994-d74f-498d-9506-b92e6c2f7af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-CJGM-9VC9-56MX", "type": "seen", "source": "https://t.me/arpsyndicate/3076", "content": "#ExploitObserverAlert\n\nGHSA-cjgm-9vc9-56mx\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-cjgm-9vc9-56mx. Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.", "creation_timestamp": "2024-01-26T21:20:27.000000Z"}, {"uuid": "37cff043-fa7a-462a-b932-2ffcb295d410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-CJGM-9VC9-56MX", "type": "seen", "source": "https://t.me/ctinow/173145", "content": "https://ift.tt/tfVZvbD\n[GHSA-cjgm-9vc9-56mx] Path traversal vulnerability in Jenkins Matrix Project Plugin", "creation_timestamp": "2024-01-24T22:57:36.000000Z"}]}