{
  "vulnerability": "cve-2023-4193",
  "sightings": [
    {
      "uuid": "1dceacfd-305c-40d6-b6b1-a3e0fa9de242",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2023-41939",
      "type": "seen",
      "source": "https://t.me/cibsecurity/70009",
      "content": "\u203c CVE-2023-41939 \u203c\n\nJenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-09-06T16:17:52.000000Z"
    },
    {
      "uuid": "2b989cae-fa89-4bbd-93e9-b16176194840",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2023-41936",
      "type": "seen",
      "source": "https://t.me/cibsecurity/70006",
      "content": "\u203c CVE-2023-41936 \u203c\n\nJenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-09-06T16:17:49.000000Z"
    },
    {
      "uuid": "97aa477c-2422-43d2-991f-ade62be6d4a2",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2023-41937",
      "type": "seen",
      "source": "https://t.me/cibsecurity/69997",
      "content": "\u203c CVE-2023-41937 \u203c\n\nJenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-09-06T16:17:39.000000Z"
    },
    {
      "uuid": "d2654ae5-5991-42d5-a36a-9a9728ddc2bb",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2023-41932",
      "type": "seen",
      "source": "https://t.me/cibsecurity/69996",
      "content": "\u203c CVE-2023-41932 \u203c\n\nJenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-09-06T16:17:38.000000Z"
    },
    {
      "uuid": "42686919-8ff2-492a-bb55-f3962ad65ad9",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2023-4193",
      "type": "seen",
      "source": "https://t.me/cibsecurity/67843",
      "content": "\u203c CVE-2023-4193 \u203c\n\nA vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-08-07T07:13:04.000000Z"
    },
    {
      "uuid": "595d18f4-2a3a-42cd-a242-c8ac343fabf0",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2023-41933",
      "type": "seen",
      "source": "https://t.me/cibsecurity/70000",
      "content": "\u203c CVE-2023-41933 \u203c\n\nJenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-09-06T16:17:42.000000Z"
    },
    {
      "uuid": "d57c7e8e-8895-4c08-beeb-898d318d0310",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2023-41934",
      "type": "seen",
      "source": "https://t.me/cibsecurity/70003",
      "content": "\u203c CVE-2023-41934 \u203c\n\nJenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if \"Treat username as secret\" is checked.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-09-06T16:17:46.000000Z"
    },
    {
      "uuid": "253f1986-cfe0-4d53-b91d-7b0b59313344",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2023-41931",
      "type": "seen",
      "source": "https://t.me/cibsecurity/70001",
      "content": "\u203c CVE-2023-41931 \u203c\n\nJenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not properly sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-09-06T16:17:44.000000Z"
    }
  ]
}