<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-04T09:29:41.635691+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/993e1ad2-2187-4bd9-9f09-98839f91a961/export</id>
    <title>993e1ad2-2187-4bd9-9f09-98839f91a961</title>
    <updated>2026-05-04T09:29:42.016169+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "993e1ad2-2187-4bd9-9f09-98839f91a961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40347", "type": "seen", "source": "https://t.me/cibsecurity/68651", "content": "\u203c CVE-2023-40347 \u203c\n\nJenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T18:49:41.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/993e1ad2-2187-4bd9-9f09-98839f91a961/export"/>
    <published>2023-08-16T18:49:41+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e1e7e5c9-cd2e-42d2-a94c-2d23517651e9/export</id>
    <title>e1e7e5c9-cd2e-42d2-a94c-2d23517651e9</title>
    <updated>2026-05-04T09:29:42.016089+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e1e7e5c9-cd2e-42d2-a94c-2d23517651e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40342", "type": "seen", "source": "https://t.me/cibsecurity/68652", "content": "\u203c CVE-2023-40342 \u203c\n\nJenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T18:49:42.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e1e7e5c9-cd2e-42d2-a94c-2d23517651e9/export"/>
    <published>2023-08-16T18:49:42+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6fa15a8d-c968-453c-9e39-6b2cc13591bf/export</id>
    <title>6fa15a8d-c968-453c-9e39-6b2cc13591bf</title>
    <updated>2026-05-04T09:29:42.016010+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6fa15a8d-c968-453c-9e39-6b2cc13591bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40348", "type": "seen", "source": "https://t.me/cibsecurity/68662", "content": "\u203c CVE-2023-40348 \u203c\n\nThe webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T18:49:55.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6fa15a8d-c968-453c-9e39-6b2cc13591bf/export"/>
    <published>2023-08-16T18:49:55+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e72fea63-b4e6-472b-9feb-7afc34edbe5a/export</id>
    <title>e72fea63-b4e6-472b-9feb-7afc34edbe5a</title>
    <updated>2026-05-04T09:29:42.015912+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e72fea63-b4e6-472b-9feb-7afc34edbe5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40345", "type": "seen", "source": "https://t.me/cibsecurity/68665", "content": "\u203c CVE-2023-40345 \u203c\n\nJenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T18:52:42.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e72fea63-b4e6-472b-9feb-7afc34edbe5a/export"/>
    <published>2023-08-16T18:52:42+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/08c06cf1-b5c7-4a78-bb98-48aef71eb8b1/export</id>
    <title>08c06cf1-b5c7-4a78-bb98-48aef71eb8b1</title>
    <updated>2026-05-04T09:29:42.015794+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "08c06cf1-b5c7-4a78-bb98-48aef71eb8b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40343", "type": "seen", "source": "https://t.me/cibsecurity/68667", "content": "\u203c CVE-2023-40343 \u203c\n\nJenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T18:52:44.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/08c06cf1-b5c7-4a78-bb98-48aef71eb8b1/export"/>
    <published>2023-08-16T18:52:44+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/121a9b4e-7499-48e7-bee7-89d97cd556a2/export</id>
    <title>121a9b4e-7499-48e7-bee7-89d97cd556a2</title>
    <updated>2026-05-04T09:29:42.014182+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "121a9b4e-7499-48e7-bee7-89d97cd556a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4034", "type": "seen", "source": "https://t.me/cibsecurity/69887", "content": "\u203c CVE-2023-4034 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-05T22:16:54.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/121a9b4e-7499-48e7-bee7-89d97cd556a2/export"/>
    <published>2023-09-05T22:16:54+00:00</published>
  </entry>
</feed>
