{
  "vulnerability": "cve-2022-4340",
  "sightings": [
    {
      "uuid": "2b4e1f4b-891b-46f4-9a8d-f4c106adfdd0",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-43401",
      "type": "seen",
      "source": "https://t.me/cibsecurity/51811",
      "content": "\u203c CVE-2022-43401 \u203c\n\nA sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-10-30T02:39:50.000000Z"
    },
    {
      "uuid": "bcfa476f-e142-46cd-8839-2cdfbe8b3903",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-43407",
      "type": "seen",
      "source": "https://t.me/cibsecurity/51810",
      "content": "\u203c CVE-2022-43407 \u203c\n\nJenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-10-19T20:15:36.000000Z"
    },
    {
      "uuid": "cd43687a-9c6f-4ba1-99e7-5e5be4e447ad",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-43400",
      "type": "seen",
      "source": "https://t.me/cibsecurity/51920",
      "content": "\u203c CVE-2022-43400 \u203c\n\nA vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-10-21T18:22:35.000000Z"
    },
    {
      "uuid": "179188a9-de19-49a7-bb98-7a025cc7c8a5",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-43409",
      "type": "seen",
      "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m2eonzctamd2",
      "content": "",
      "creation_timestamp": "2025-10-04T13:26:10.065316Z"
    },
    {
      "uuid": "5be9ab83-4c1a-45bf-b628-1ff4bbc4e4f9",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-4340",
      "type": "seen",
      "source": "https://t.me/cibsecurity/55772",
      "content": "\u203c CVE-2022-4340 \u203c\n\nThe BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-01-03T00:29:47.000000Z"
    },
    {
      "uuid": "b55e5292-60c9-44af-a155-5429695a8277",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-43408",
      "type": "seen",
      "source": "https://t.me/cibsecurity/51804",
      "content": "\u203c CVE-2022-43408 \u203c\n\nJenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-10-19T20:15:28.000000Z"
    },
    {
      "uuid": "84a962e4-ee76-4a56-8df0-5418235b0bcd",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-43409",
      "type": "seen",
      "source": "https://t.me/cibsecurity/51797",
      "content": "\u203c CVE-2022-43409 \u203c\n\nJenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-10-19T20:15:20.000000Z"
    },
    {
      "uuid": "b488f903-1118-442e-b1d0-b67ecc5fc51f",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-43408",
      "type": "seen",
      "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m2dz6qfykut2",
      "content": "",
      "creation_timestamp": "2025-10-04T07:02:40.661015Z"
    },
    {
      "uuid": "e6cf9b4b-5d22-4656-8746-941db04176cb",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-43408",
      "type": "seen",
      "source": "https://bsky.app/profile/potato.software/post/3m2dztqk6ji2v",
      "content": "",
      "creation_timestamp": "2025-10-04T07:13:11.676204Z"
    }
  ]
}
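The CVE-2022-4340 sighting above describes an IDOR on a booking "thank you" page keyed only by the appointment_id query parameter. The following is an added, hypothetical illustration of that bug class and one way to close it; it is not BookingPress code, and the actual change in BookingPress 1.0.31 may differ. Only the parameter name appointment_id and the disclosed fields (full name, date, time, service) come from the sighting; the Booking class, the sample rows, the view_token capability and the function names are constructed for this example.

```python
"""Illustrative IDOR on a booking thank-you page, beside a hardened variant.

Hypothetical code written for this note, not BookingPress's own; the
BookingPress 1.0.31 fix may use a different mechanism. Only the query
parameter name appointment_id is taken from the CVE text.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Optional


@dataclass
class Booking:
    appointment_id: int
    full_name: str
    date: str
    time: str
    service: str
    # Hardened variant only: an unguessable per-booking capability, minted when
    # the booking is created and handed to the booker in the thank-you redirect.
    view_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


# Constructed sample rows standing in for the plugin's appointment table.
BOOKINGS: Dict[int, Booking] = {
    101: Booking(101, "Alice Example", "2023-01-10", "09:00", "Dental check-up"),
    102: Booking(102, "Bob Sample", "2023-01-10", "09:30", "Consultation"),
}


def _public_view(b: Booking) -> dict:
    return {"name": b.full_name, "date": b.date, "time": b.time, "service": b.service}


def thank_you_vulnerable(params: Dict[str, str]) -> Optional[dict]:
    """Vulnerable pattern: the record is selected purely by a client-supplied id.

    Nothing ties the request to the person who made the booking, so changing
    ?appointment_id=101 to 102 shows another customer's booking.
    """
    try:
        appointment_id = int(params.get("appointment_id", ""))
    except ValueError:
        return None
    b = BOOKINGS.get(appointment_id)
    return _public_view(b) if b else None


def thank_you_fixed(params: Dict[str, str]) -> Optional[dict]:
    """Hardened pattern: the id must be accompanied by the booking's capability
    token. The comparison is constant-time, and a wrong token and a missing
    booking produce the same response so ids cannot be confirmed by probing.
    """
    try:
        appointment_id = int(params.get("appointment_id", ""))
    except ValueError:
        return None
    supplied = params.get("token", "").encode("utf-8", "replace")
    b = BOOKINGS.get(appointment_id)
    if b is None or not hmac.compare_digest(supplied, b.view_token.encode()):
        return None
    return _public_view(b)


def enumerate_bookings(handler: Callable[[Dict[str, str]], Optional[dict]],
                       id_range: Iterable[int]) -> List[int]:
    """How a tester finds the IDOR: walk sequential ids with no credentials and
    record which ones disclose booking data."""
    return [i for i in id_range if handler({"appointment_id": str(i)}) is not None]


if __name__ == "__main__":
    print("vulnerable leaks ids:", enumerate_bookings(thank_you_vulnerable, range(100, 105)))
    print("fixed leaks ids:     ", enumerate_bookings(thank_you_fixed, range(100, 105)))
    legit = {"appointment_id": "101", "token": BOOKINGS[101].view_token}
    print("legitimate booker:   ", thank_you_fixed(legit))
```

The token approach suits a page shown to anonymous visitors right after checkout, where there is no logged-in user to check ownership against; where bookings are tied to accounts, the equivalent check is that the current user owns the appointment, applied on every read of the record.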