{"vulnerability": "cve-2023-3795", "sightings": [{"uuid": "0cdc98cf-c60b-4336-a81c-9e33f6dcdeb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37958", "type": "seen", "source": "https://gist.github.com/Darkcrai86/1cd3295055eb6a329d3be22634115855", "content": "", "creation_timestamp": "2025-09-11T20:31:32.000000Z"}, {"uuid": "988d9779-7a12-46ea-bb2d-52f435807822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3795", "type": "seen", "source": "https://t.me/cibsecurity/67064", "content": "\u203c CVE-2023-3795 \u203c\n\nA vulnerability classified as critical was found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /property of the component GET Parameter Handler. The manipulation of the argument name leads to sql injection. The associated identifier of this vulnerability is VDB-235063. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T04:00:40.000000Z"}, {"uuid": "460da9ef-24e3-47b0-a7a3-380148e232e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37957", "type": "seen", "source": "https://t.me/cibsecurity/66587", "content": "\u203c CVE-2023-37957 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:26:03.000000Z"}, {"uuid": "3af88636-3fdb-44ad-b4ca-b9cd353de627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37956", "type": "seen", "source": "https://t.me/cibsecurity/66571", "content": "\u203c CVE-2023-37956 \u203c\n\nA missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:25:43.000000Z"}, {"uuid": "a8c37187-393a-47ab-b364-888bca73e3bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37955", "type": "seen", "source": "https://t.me/cibsecurity/66570", "content": "\u203c CVE-2023-37955 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:25:42.000000Z"}, {"uuid": "8e698898-495b-4cf5-a4cc-4ecc8e15b929", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37951", "type": "seen", "source": "https://t.me/cibsecurity/66580", "content": "\u203c CVE-2023-37951 \u203c\n\nJenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:25:53.000000Z"}, {"uuid": "0cbae71c-bbcf-4f3a-92c6-ad031dad9226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37952", "type": "seen", "source": "https://t.me/cibsecurity/66578", "content": "\u203c CVE-2023-37952 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:25:51.000000Z"}, {"uuid": "3dc7e0b5-6692-49d2-9275-96a27e6c5804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37954", "type": "seen", "source": "https://t.me/cibsecurity/66586", "content": "\u203c CVE-2023-37954 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:26:02.000000Z"}, {"uuid": "7d0efadc-17a5-40dd-8d58-6739b31e5e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37959", "type": "seen", "source": "https://t.me/cibsecurity/66575", "content": "\u203c CVE-2023-37959 \u203c\n\nA missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:25:47.000000Z"}]}