{"vulnerability": "cve-2023-2442", "sightings": [{"uuid": "7a50707e-80a9-481b-bd71-dfaec804383c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24423", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10076", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24423\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-02T14:27:49.805Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2137", "creation_timestamp": "2025-04-02T14:33:53.000000Z"}, {"uuid": "bc96dbf5-f490-4a0d-81bd-cdd662e4824b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24422", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto3a4jh2u", "content": "", "creation_timestamp": "2025-08-21T21:02:37.095935Z"}, {"uuid": "828d0ddc-9974-4fa1-b179-dc0713b543a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24429", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lzki6psuree2", "content": "", "creation_timestamp": "2025-09-24T03:20:51.144201Z"}, {"uuid": "6f032de1-49ac-452b-bb29-6b2bdeb54526", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24422", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10075", "content": "\ud83d\udd17 
DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24422\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-02T14:30:51.711Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "creation_timestamp": "2025-04-02T14:33:52.000000Z"}, {"uuid": "239739d8-5de7-47fb-88c0-89114bc2b4ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24428", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10079", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24428\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-02T14:24:00.309Z\n\ud83d\udd17 References:\n1. 
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2981", "creation_timestamp": "2025-04-02T14:33:59.000000Z"}, {"uuid": "23eab457-1acd-4f2c-9ae3-111d378cb8d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24427", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10078", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24427\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-02T14:25:07.812Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2982", "creation_timestamp": "2025-04-02T14:33:55.000000Z"}, {"uuid": "dc49101e-4082-44a3-915b-f592356e65a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24429", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10081", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24429\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-02T14:22:13.481Z\n\ud83d\udd17 References:\n1. 
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2973%20%281%29", "creation_timestamp": "2025-04-02T14:34:01.000000Z"}, {"uuid": "e1a2569f-9263-4aed-8f7c-42c2b2e2e0ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24427", "type": "seen", "source": "https://t.me/cibsecurity/56999", "content": "\u203c CVE-2023-24427 \u203c\n\nJenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:46:51.000000Z"}, {"uuid": "36acc91c-1080-475f-baa2-dbe703919d55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24420", "type": "seen", "source": "https://t.me/cibsecurity/65268", "content": "\u203c CVE-2023-24420 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <=\u00a01.1.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-15T18:22:15.000000Z"}, {"uuid": "fa297014-ff45-43df-852d-94de17573cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24421", "type": "seen", "source": "https://t.me/cibsecurity/66341", "content": "\u203c CVE-2023-24421 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <=\u00a01.5.2 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T12:45:44.000000Z"}, {"uuid": "d13f4890-3a2b-4e9f-86ba-f035d71c9ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2023-24429", "type": "seen", "source": "https://t.me/cibsecurity/56963", "content": "\u203c CVE-2023-24429 \u203c\n\nJenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:38:59.000000Z"}]}