{"vulnerability": "CVE-2021-2162", "sightings": [{"uuid": "8946018e-82c1-488a-8b2b-950bfce6ed16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21621", "type": "seen", "source": "https://t.me/cibsecurity/24082", "content": "\u203c CVE-2021-21621 \u203c\n\nJenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the \"About user (basic authentication details only)\" information, which can include the session ID of the user creating the support bundle in some configurations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-24T18:36:59.000000Z"}, {"uuid": "c7848219-c363-496f-be5e-94772f8f9b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21625", "type": "seen", "source": "https://t.me/cibsecurity/25100", "content": "\u203c CVE-2021-21625 \u203c\n\nJenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-18T17:32:15.000000Z"}, {"uuid": "7644a432-3b97-463f-a754-d5e6ed55fcec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21622", "type": "seen", "source": "https://t.me/cibsecurity/24081", "content": "\u203c CVE-2021-21622 \u203c\n\nJenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-24T18:36:58.000000Z"}, {"uuid": "2d47072e-1ff7-4d60-9e3f-69a5b3c1aa74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21620", "type": "seen", "source": "https://t.me/cibsecurity/24073", "content": "\u203c CVE-2021-21620 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-24T18:36:50.000000Z"}]}