{"vulnerability": "CVE-2022-2519", "sightings": [{"uuid": "e13ad1ee-74f0-4876-9e12-995c5631572c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2519", "type": "seen", "source": "https://t.me/cibsecurity/49120", "content": "\u203c CVE-2022-2519 \u203c\n\nThere is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T20:37:10.000000Z"}, {"uuid": "67344c55-ee70-4e80-a511-f28e11e2e45f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25191", "type": "seen", "source": "https://t.me/cibsecurity/37511", "content": "\u203c CVE-2022-25191 \u203c\n\nJenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:32.000000Z"}, {"uuid": "11b8d907-98b6-4f44-a87b-f5199c8d6819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25195", "type": "seen", "source": "https://t.me/cibsecurity/37508", "content": "\u203c CVE-2022-25195 \u203c\n\nA missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:26.000000Z"}, {"uuid": "344b775d-0855-466d-b3cf-8bbdbba1df4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25198", "type": "seen", "source": "https://t.me/cibsecurity/37516", "content": "\u203c CVE-2022-25198 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:40.000000Z"}, {"uuid": "0d2e0370-b85b-47aa-8c7a-e71810d9f581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25196", "type": "seen", "source": "https://t.me/cibsecurity/37514", "content": "\u203c CVE-2022-25196 \u203c\n\nJenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:37.000000Z"}, {"uuid": "a23adefd-5d95-42a6-b35f-3d4e38b63cd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25197", "type": "seen", "source": "https://t.me/cibsecurity/37513", "content": "\u203c CVE-2022-25197 \u203c\n\nJenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:36.000000Z"}]}