{"vulnerability": "cve-2022-3689", "sightings": [{"uuid": "a6b5e367-ca5d-40fb-a866-d802611eff98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36896", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m3lkgwesphe2", "content": "", "creation_timestamp": "2025-10-20T00:24:59.282747Z"}, {"uuid": "f8f88994-b174-4c92-9adb-823feac27207", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3689", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llcon5noqx2s", "content": "", "creation_timestamp": "2025-03-26T21:02:08.216864Z"}, {"uuid": "64909721-c9ba-49c3-8b4b-514b55bc1513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3689", "type": "seen", "source": "https://t.me/cibsecurity/53575", "content": "\u203c CVE-2022-3689 \u203c\n\nThe HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-28T16:28:16.000000Z"}, {"uuid": "2a8f1df8-b8e7-454a-b78b-74c9f79c2685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36895", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m3m7s2zjxmc2", "content": "", "creation_timestamp": "2025-10-20T06:47:03.320581Z"}, {"uuid": "9901e2ff-d771-43b5-92da-46b70eb75047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3689", "type": "published-proof-of-concept", "source": "Telegram/zR3G7SfYkfnK69UNOpyls_8VYWA0vIOvRqvJArx2ZbPMEdo", "content": "", "creation_timestamp": "2025-03-18T10:00:06.000000Z"}, {"uuid": "42cde33f-3d15-4c97-a545-01dd669131ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36894", "type": "seen", "source": "https://t.me/cibsecurity/47108", "content": "\u203c CVE-2022-36894 \u203c\n\nAn arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:52:43.000000Z"}, {"uuid": "52e3cd7b-7251-42e0-bb31-6df80242d1e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36896", "type": "seen", "source": "https://t.me/cibsecurity/47097", "content": "\u203c CVE-2022-36896 \u203c\n\nA missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:54.000000Z"}, {"uuid": "22c5a6ca-9c87-4cbb-ba7b-9249c464a6d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36895", "type": "seen", "source": "https://t.me/cibsecurity/47090", "content": "\u203c CVE-2022-36895 \u203c\n\nA missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:44.000000Z"}, {"uuid": "b2a403dd-9a74-4868-913d-671c3c6c3de7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36897", "type": "seen", "source": "https://t.me/cibsecurity/47084", "content": "\u203c CVE-2022-36897 \u203c\n\nA missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:47:00.000000Z"}, {"uuid": "9b3e44a9-795a-4f87-b313-11bf4e82db6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36898", "type": "seen", "source": "https://t.me/cibsecurity/47069", "content": "\u203c CVE-2022-36898 \u203c\n\nA missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:46:36.000000Z"}, {"uuid": "9a2e0187-a78a-4974-aa46-04c191d76a86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36893", "type": "seen", "source": "https://t.me/cibsecurity/47096", "content": "\u203c CVE-2022-36893 \u203c\n\nJenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:53.000000Z"}, {"uuid": "a4df5d21-a448-4adb-a149-8abd50d631c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36891", "type": "seen", "source": "https://t.me/cibsecurity/47082", "content": "\u203c CVE-2022-36891 \u203c\n\nA missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:46:55.000000Z"}, {"uuid": "470cf944-972e-4c87-ba9b-ce8c55fbda83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36899", "type": "seen", "source": "https://t.me/cibsecurity/47112", "content": "\u203c CVE-2022-36899 \u203c\n\nJenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:52:47.000000Z"}]}