{"vulnerability": "cve-2023-3051", "sightings": [{"uuid": "6eb0f92f-cb3f-4883-985f-a6dd9d3b7b4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30517", "type": "seen", "source": "https://t.me/arpsyndicate/2330", "content": "#ExploitObserverAlert\n\nCVE-2023-30517\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30517. Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2024-01-03T16:48:12.000000Z"}, {"uuid": "c513792d-19a8-4c06-bff2-560b0df0c7b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30510", "type": "seen", "source": "https://t.me/cibsecurity/64253", "content": "\u203c CVE-2023-30510 \u203c\n\nA vulnerability exists in the Aruba EdgeConnect Enterprise\u00a0web management interface that allows remote authenticated\u00a0users to issue arbitrary URL requests from the Aruba\u00a0EdgeConnect Enterprise instance. 
The impact of this\u00a0vulnerability is limited to a subset of URLs which can\u00a0result in the possible disclosure of data due to the network\u00a0position of the Aruba EdgeConnect Enterprise instance.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T22:30:46.000000Z"}, {"uuid": "7fc8dd61-f5f7-4eaa-86b5-6a48c7b996a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30518", "type": "seen", "source": "https://t.me/cibsecurity/61993", "content": "\u203c CVE-2023-30518 \u203c\n\nA missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T22:24:22.000000Z"}, {"uuid": "06d6f423-2a09-45ef-ac07-5a6591c8e66f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30514", "type": "seen", "source": "https://t.me/cibsecurity/61985", "content": "\u203c CVE-2023-30514 \u203c\n\nJenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T22:24:11.000000Z"}, {"uuid": "26a3ef0c-c86a-4191-901f-63c1ece9ae3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30512", "type": "seen", "source": "https://t.me/cibsecurity/61962", "content": "\u203c CVE-2023-30512 \u203c\n\nCubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. 
This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T12:24:00.000000Z"}, {"uuid": "07ea1e9f-521f-4f10-99e0-6283d201aecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30513", "type": "seen", "source": "https://t.me/cibsecurity/62003", "content": "\u203c CVE-2023-30513 \u203c\n\nJenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T22:24:37.000000Z"}, {"uuid": "72df8d29-debc-4b04-ba2d-86e6dcb5376f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30515", "type": "seen", "source": "https://t.me/cibsecurity/61997", "content": "\u203c CVE-2023-30515 \u203c\n\nJenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T22:24:28.000000Z"}, {"uuid": "595b4306-1555-4f90-80ff-452751ca624c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30519", "type": "seen", "source": "https://t.me/cibsecurity/61996", "content": "\u203c CVE-2023-30519 \u203c\n\nA missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.\n\n\ud83d\udcd6 
Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T22:24:27.000000Z"}, {"uuid": "30f546cb-d99b-47db-a4fd-9b5f0861a5a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30517", "type": "seen", "source": "https://t.me/cibsecurity/61999", "content": "\u203c CVE-2023-30517 \u203c\n\nJenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T22:24:33.000000Z"}, {"uuid": "c8b058c4-63eb-4523-91f1-b9409f76b918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30516", "type": "seen", "source": "https://t.me/cibsecurity/61989", "content": "\u203c CVE-2023-30516 \u203c\n\nJenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T22:24:18.000000Z"}, {"uuid": "aad202cd-8da1-4253-8af1-65025aba2aa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30510", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2660", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-30510\n\ud83d\udd39 Description: A vulnerability exists in the Aruba EdgeConnect Enterprise\u00a0web management interface that allows remote 
authenticated\u00a0users to issue arbitrary URL requests from the Aruba\u00a0EdgeConnect Enterprise instance. The impact of this\u00a0vulnerability is limited to a subset of URLs which can\u00a0result in the possible disclosure of data due to the network\u00a0position of the Aruba EdgeConnect Enterprise instance.\n\ud83d\udccf Published: 2023-05-16T18:56:20.679Z\n\ud83d\udccf Modified: 2025-01-22T20:15:47.705Z\n\ud83d\udd17 References:\n1. https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt", "creation_timestamp": "2025-01-22T21:02:25.000000Z"}]}