{"vulnerability": "cve-2022-4124", "sightings": [{"uuid": "8c0247e6-dea3-4b12-ba1a-e6d864159438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41245", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m2j46vhouyz2", "content": "", "creation_timestamp": "2025-10-06T07:38:48.407385Z"}, {"uuid": "6c53aca1-9777-4cf5-8f11-83460ad50cf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41248", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m2mwce676nz2", "content": "", "creation_timestamp": "2025-10-07T20:03:52.217522Z"}, {"uuid": "7da061b4-1bb5-4a79-b3af-10c422867e29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4124", "type": "seen", "source": "https://t.me/cibsecurity/54872", "content": "\u203c CVE-2022-4124 \u203c\n\nThe Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T16:10:48.000000Z"}, {"uuid": "73f05906-beae-4648-9289-63363b26395e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41240", "type": "seen", "source": "https://t.me/cibsecurity/50216", "content": "\u203c CVE-2022-41240 \u203c\n\nJenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:28.000000Z"}, {"uuid": "d72fd71a-7d65-4984-8400-643755143741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41244", "type": "seen", "source": "https://t.me/cibsecurity/50214", "content": "\u203c CVE-2022-41244 \u203c\n\nJenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:26.000000Z"}, {"uuid": "7b5e7ab8-088b-441e-9a3c-51f0ebf242e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41245", "type": "seen", "source": "https://t.me/cibsecurity/50210", "content": "\u203c CVE-2022-41245 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:21.000000Z"}, {"uuid": "8e90b500-1c9f-449d-b59e-506ee60909ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41243", "type": "seen", "source": "https://t.me/cibsecurity/50208", "content": "\u203c CVE-2022-41243 \u203c\n\nJenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:19.000000Z"}, {"uuid": "d219a7f5-a8f5-4485-abec-0e76284dabe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41249", "type": "seen", "source": "https://t.me/cibsecurity/50207", "content": "\u203c CVE-2022-41249 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:18.000000Z"}, {"uuid": "db3981ab-d351-451b-97ff-6ca13110fe67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41247", "type": "seen", "source": "https://t.me/cibsecurity/50205", "content": "\u203c CVE-2022-41247 \u203c\n\nJenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:16.000000Z"}]}