{"vulnerability": "cve-2022-3478", "sightings": [{"uuid": "c18f0000-c1dc-42c9-bd7f-af96a4013795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34781", "type": "seen", "source": "https://t.me/cibsecurity/45451", "content": "\u203c CVE-2022-34781 \u203c\n\nMissing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:59.000000Z"}, {"uuid": "ae85f612-d710-4e7c-b1ed-be3d9f5474c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34780", "type": "seen", "source": "https://t.me/cibsecurity/45441", "content": "\u203c CVE-2022-34780 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:47.000000Z"}, {"uuid": "177ef5fe-635b-48aa-9e87-8d986cceb0e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34786", "type": "seen", "source": "https://t.me/cibsecurity/45437", "content": "\u203c CVE-2022-34786 \u203c\n\nJenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:38:54.000000Z"}, {"uuid": "12352cd3-7ee1-4936-acfd-519666554b91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34783", "type": "seen", "source": "https://t.me/cibsecurity/45436", "content": "\u203c CVE-2022-34783 \u203c\n\nJenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:38:53.000000Z"}, {"uuid": "e008c1c8-26f2-45c2-bf0d-9630fd50c0e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34785", "type": "seen", "source": "https://t.me/cibsecurity/45435", "content": "\u203c CVE-2022-34785 \u203c\n\nJenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:38:51.000000Z"}, {"uuid": "b4e0e359-8959-470f-b46b-0bb7027897c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34784", "type": "seen", "source": "https://t.me/cibsecurity/45449", "content": "\u203c CVE-2022-34784 \u203c\n\nJenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:57.000000Z"}, {"uuid": "9930b71d-6de1-41b9-9d6f-dc5c3151834a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34782", "type": "seen", "source": "https://t.me/cibsecurity/45448", "content": "\u203c CVE-2022-34782 \u203c\n\nAn incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:55.000000Z"}, {"uuid": "15833f0e-a086-4b4d-96a3-d00b81857f7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34788", "type": "seen", "source": "https://t.me/cibsecurity/45445", "content": "\u203c CVE-2022-34788 \u203c\n\nJenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:52.000000Z"}, {"uuid": "62d41250-8e2e-48b2-8ca0-7b74c00b81e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3478", "type": "seen", "source": "https://t.me/cibsecurity/56942", "content": "\u203c CVE-2022-3478 \u203c\n\nAn issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T05:55:27.000000Z"}]}