{"vulnerability": "CVE-2022-2721", "sightings": [{"uuid": "e706a173-f4da-44cc-86e2-a37a4bf64378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2721", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13494", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2721\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T17:32:15.673Z\n\ud83d\udd17 References:\n1. https://advisories.octopus.com/post/2022/sa2022-24/", "creation_timestamp": "2025-04-25T18:08:31.000000Z"}, {"uuid": "4ec94008-d547-44da-bdda-300e25f5671c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2721", "type": "seen", "source": "https://t.me/cibsecurity/53487", "content": "\u203c CVE-2022-2721 \u203c\n\nIn affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T07:15:08.000000Z"}, {"uuid": "2a58df57-8914-4806-bba6-c26548ca2671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27214", "type": "seen", "source": "https://t.me/cibsecurity/38935", "content": "\u203c CVE-2022-27214 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using 
attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:26.000000Z"}, {"uuid": "5a9ed567-b805-438f-b691-eb0b865a0fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27219", "type": "seen", "source": "https://t.me/cibsecurity/44395", "content": "\u203c CVE-2022-27219 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:23:48.000000Z"}, {"uuid": "7558b563-a5c7-487e-8fbb-b2ce3bcf04ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27215", "type": "seen", "source": "https://t.me/cibsecurity/38942", "content": "\u203c CVE-2022-27215 \u203c\n\nA missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:33.000000Z"}, {"uuid": "af55da5f-fdf2-4dc0-b992-7451f20ff6f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27218", "type": "seen", "source": "https://t.me/cibsecurity/38954", "content": "\u203c CVE-2022-27218 \u203c\n\nJenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins 
controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:49.000000Z"}, {"uuid": "280f0882-b548-4fa3-843d-6b048320020e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27213", "type": "seen", "source": "https://t.me/cibsecurity/38950", "content": "\u203c CVE-2022-27213 \u203c\n\nJenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:44.000000Z"}, {"uuid": "398a9a74-5e6a-4c37-9e2d-3937fa5c36bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27212", "type": "seen", "source": "https://t.me/cibsecurity/38949", "content": "\u203c CVE-2022-27212 \u203c\n\nJenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:43.000000Z"}]}