{"vulnerability": "CVE-2022-2720", "sightings": [{"uuid": "c510b0a8-7458-405b-89b8-d60c59d2bd81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2720", "type": "seen", "source": "https://t.me/cibsecurity/51256", "content": "\u203c CVE-2022-2720 \u203c\n\nIn affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T12:40:50.000000Z"}, {"uuid": "74ef399e-de1a-4493-a33e-75a59c5ad52a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27204", "type": "seen", "source": "https://t.me/cibsecurity/38946", "content": "\u203c CVE-2022-27204 \u203c\n\nA cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:40.000000Z"}, {"uuid": "71a0abd6-5aa2-4c29-972c-9a4b3a988a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27205", "type": "seen", "source": "https://t.me/cibsecurity/38943", "content": "\u203c CVE-2022-27205 \u203c\n\nA missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:34.000000Z"}, {"uuid": "271ade47-c382-4c47-b541-b3f640527fa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27202", "type": "seen", "source": "https://t.me/cibsecurity/38938", "content": "\u203c CVE-2022-27202 \u203c\n\nJenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:29.000000Z"}, {"uuid": "ec24e333-5c64-40e7-a6fb-205f15beda56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27207", "type": "seen", "source": "https://t.me/cibsecurity/38939", "content": "\u203c CVE-2022-27207 \u203c\n\nJenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:30.000000Z"}, {"uuid": "43720ef4-395a-4f6b-ae6e-b4526835df8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27208", "type": "seen", "source": "https://t.me/cibsecurity/38945", "content": "\u203c CVE-2022-27208 \u203c\n\nJenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:39.000000Z"}, {"uuid": "8cb4774c-06ca-45eb-a56f-cc209a331880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27200", "type": "seen", "source": "https://t.me/cibsecurity/38953", "content": "\u203c CVE-2022-27200 \u203c\n\nJenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:48.000000Z"}]}