{"vulnerability": "cve-2022-2814", "sightings": [{"uuid": "31c44215-9634-4f94-871f-e07d84d23f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28149", "type": "seen", "source": "https://t.me/cibsecurity/39723", "content": "\u203c CVE-2022-28149 \u203c\n\nJenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:11.000000Z"}, {"uuid": "6b4eae85-d839-4cb1-a818-4860ddb2b2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28140", "type": "seen", "source": "https://t.me/cibsecurity/39737", "content": "\u203c CVE-2022-28140 \u203c\n\nJenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:30.000000Z"}, {"uuid": "5e58abd7-87b8-4056-9efa-e4873423649c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28148", "type": "seen", "source": "https://t.me/cibsecurity/39735", "content": "\u203c CVE-2022-28148 \u203c\n\nThe file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:28.000000Z"}, {"uuid": "92a3b60d-44ab-4613-815c-c7b1bf2de39a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28142", "type": "seen", "source": "https://t.me/cibsecurity/39734", "content": "\u203c CVE-2022-28142 \u203c\n\nJenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:27.000000Z"}, {"uuid": "7bd6099e-82ce-446c-90a6-4ffede224ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28146", "type": "seen", "source": "https://t.me/cibsecurity/39733", "content": "\u203c CVE-2022-28146 \u203c\n\nJenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:26.000000Z"}, {"uuid": "7f231516-f741-4a6e-a599-f87a08402c28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28145", "type": "seen", "source": "https://t.me/cibsecurity/39726", "content": "\u203c CVE-2022-28145 \u203c\n\nJenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:13.000000Z"}, {"uuid": "39e80f4f-e273-4045-a04e-c88439f57324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28147", "type": "seen", "source": "https://t.me/cibsecurity/39740", "content": "\u203c CVE-2022-28147 \u203c\n\nA missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T17:00:46.000000Z"}]}