{"vulnerability": "CVE-2022-2434", "sightings": [{"uuid": "16e3607f-e435-4af7-ab85-ee9d50f609fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24342", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2627", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoC for CVE-2022-24342: account takeover via CSRF in GitHub authentication\nURL\uff1ahttps://github.com/yuriisanin/CVE-2022-24342\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-02T22:47:20.000000Z"}, {"uuid": "85db0585-f561-4f4d-9190-23be005d3b16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "seen", "source": "https://gist.github.com/AyushyaChitransh/3b69f94e19b188ba41ee0c49a282e64c", "content": "", "creation_timestamp": "2025-03-13T20:14:03.000000Z"}, {"uuid": "6e19a463-ef90-4fe1-a2e2-8276c347fdad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1488", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-24348 Test\nURL\uff1ahttps://github.com/mochizuki875/helm-sample", "creation_timestamp": "2022-02-10T09:57:42.000000Z"}, {"uuid": "99ed102d-943d-4c8e-9048-51346a35b51e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "seen", "source": "https://t.me/cKure/8719", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zero-Day: Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9.", "creation_timestamp": "2022-02-06T14:46:31.000000Z"}, {"uuid": "10f84c3a-5be0-407e-b48a-310fd6fec6af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24342", "type": "seen", "source": "Telegram/k8m3X8YhQhkrr48KHoFrxNHe2bYjefr1euD_m-0TzPewCA", "content": "", "creation_timestamp": "2022-07-05T06:24:51.000000Z"}, {"uuid": "743e9cea-0e37-4785-9b59-92c9ba299006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24342", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/903", "content": "CVE-2022-24342\nJetBrains TeamCity - account takeover via CSRF in GitHub authentication (PoC exploit)\n\u0421\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043d\u0435\u043c\u043e\u0435 \u043a\u0438\u043d\u043e \u0442\u0443\u0442\n\n#cve #poc", "creation_timestamp": "2022-07-04T10:35:33.000000Z"}, {"uuid": "919028cb-227d-4751-8433-5f5fce92fd39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24342", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/1315", "content": "CVE-2022-24342 account takeover via CSRF\n\n#CVE-2022-24342 #vulnerability #GitHub #CSRF #Exploit\n#CyberSecurity #BugBountry #Hacking #OSINT #Pentest\n\nhttps://reconshell.com/cve-2022-24342-account-takeover-via-csrf/", "creation_timestamp": "2022-07-04T20:48:01.000000Z"}, {"uuid": "830e5410-697f-4a0d-822b-2d910aecbb05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24342", "type": "published-proof-of-concept", "source": "Telegram/fdGFZ2gHKmG2voL4zAoI2grAco9RuTEEk8kCLVh8z6GA7A", "content": "", "creation_timestamp": "2022-07-04T16:35:34.000000Z"}, {"uuid": "db848cc5-2654-4f2f-b461-4ce34c1ffb7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24342", "type": "seen", "source": "https://t.me/crackcodes/796", "content": "Today's Update\n1. nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861)\n2. Collection of Exploits, CVES(Unauthenticated) and Wordpress Scanners\n3. CVE-2022-24706 exploit\n4. Androguard Tool - Reverse engineering and pentesting of Android applications.\n5. Amsi-Bypass-Powershell Scripts\n6. Bug-Bounty-Tips\n7. nacs - Event-driven pentest scanner\n8. Malaysia locatefamily Data leak\n9. Jaeles \u2013 The Swiss Army knife for automated Web Application Testing\n10. D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife \u2013 Lateral movement using DCOM Objects\n11. Pak Military Garments Company Data dump Video\n12. CVE-2022-24342 - JetBrains TeamCity \u2013 account takeover via CSRF in GitHub authentication (PoC)\n\nLink:- https://forum.hackbyte.org", "creation_timestamp": "2022-07-05T14:02:24.000000Z"}, {"uuid": "36291ca1-53c9-4b78-9b08-0f952e499afa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "seen", "source": "https://t.me/cibsecurity/36862", "content": "\u274c Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers \u274c\n\nThe popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2022-02-04T19:47:38.000000Z"}, {"uuid": "5f5f4760-7b88-4b1f-a7da-b12c75e4723c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24343", "type": "seen", "source": "https://t.me/cibsecurity/38104", "content": "\u203c CVE-2022-24343 \u203c\n\nIn JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:13.000000Z"}, {"uuid": "9da60001-56cd-4c99-8f4a-92952742ec53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24349", "type": "seen", "source": "https://t.me/cibsecurity/38623", "content": "\u203c CVE-2022-24349 \u203c\n\nAn authenticated user can create a link with reflected XSS payload for actions\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T22:15:13.000000Z"}, {"uuid": "17859613-64d5-4507-8d60-b05388c06766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "seen", "source": "https://t.me/cibsecurity/36888", "content": "\u203c CVE-2022-24348 \u203c\n\nArgo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T00:31:17.000000Z"}, {"uuid": "d9a15f00-e51f-403d-8a85-41c16990df82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "exploited", "source": "https://t.me/thehackernews/1860", "content": "A new vulnerability (CVE-2022-24348) has been discovered in Argo CD, which is used by thousands of organizations globally, could let hackers steal sensitive information such as secrets, passwords, and API keys from Kubernetes apps.\n\nDetails: https://thehackernews.com/2022/02/new-argo-cd-bug-could-let-hackers-steal.html", "creation_timestamp": "2022-02-06T06:49:12.000000Z"}, {"uuid": "777d8fe2-e2b9-46ca-bb88-4f7fed466b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24347", "type": "seen", "source": "https://t.me/cibsecurity/38094", "content": "\u203c CVE-2022-24347 \u203c\n\nJetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:20:48.000000Z"}, {"uuid": "87a22220-c96a-40a7-9430-a1be21d9aad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24345", "type": "seen", "source": "https://t.me/cibsecurity/38092", "content": "\u203c CVE-2022-24345 \u203c\n\nIn JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:20:46.000000Z"}, {"uuid": "045f0db7-f7ef-4c18-8491-e7bc5c5d79a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24340", "type": "seen", "source": "https://t.me/cibsecurity/38091", "content": "\u203c CVE-2022-24340 \u203c\n\nIn JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:20:44.000000Z"}, {"uuid": "fb32af4b-3116-40f8-b8ba-2879e1c4540c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24346", "type": "seen", "source": "https://t.me/cibsecurity/38099", "content": "\u203c CVE-2022-24346 \u203c\n\nIn JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:01.000000Z"}, {"uuid": "5163e7fc-bbe3-4c57-ad8e-2cf5068acdd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24342", "type": "seen", "source": "https://t.me/cibsecurity/38108", "content": "\u203c CVE-2022-24342 \u203c\n\nIn JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:20.000000Z"}, {"uuid": "503b1433-7def-4dab-ac8b-0d6e4f759db1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24344", "type": "seen", "source": "https://t.me/cibsecurity/38106", "content": "\u203c CVE-2022-24344 \u203c\n\nJetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:17.000000Z"}, {"uuid": "d5dd1eba-ca76-4b9a-8c67-1f262e819dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24342", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2198", "content": "#CVE-2022\n\nPoC for CVE-2022-24342: account takeover via CSRF in GitHub authentication\n\nhttps://github.com/yuriisanin/CVE-2022-24342\n\n@BlueRedTeam", "creation_timestamp": "2022-07-03T06:33:56.000000Z"}, {"uuid": "ceccac1b-7829-41eb-ade3-2bc0f87258d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5367", "content": "#Threat_Research\n1. CVE-2022-24348:\nCharts can be used to steal sensitive information from Argo CD deployments\nhttps://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments\n2. Shadow Credentials\nhttps://pentestlab.blog/2022/02/07/shadow-credentials", "creation_timestamp": "2022-02-08T11:01:01.000000Z"}]}