{"vulnerability": "CVE-2022-2520", "sightings": [{"uuid": "e18ec12a-4af1-42a7-ba20-ad1707495b28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2520", "type": "seen", "source": "https://t.me/cibsecurity/49114", "content": "\u203c CVE-2022-2520 \u203c\n\nA flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T20:37:03.000000Z"}, {"uuid": "83fb6c6e-0485-4b6e-82f0-83b9a4277967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25209", "type": "seen", "source": "https://t.me/cibsecurity/37526", "content": "\u203c CVE-2022-25209 \u203c\n\nJenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:56.000000Z"}, {"uuid": "105483a1-9c49-406e-b36e-cf62b2ec101d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25201", "type": "seen", "source": "https://t.me/cibsecurity/37525", "content": "\u203c CVE-2022-25201 \u203c\n\nMissing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:55.000000Z"}, {"uuid": "2aa191fa-c351-44f3-ac28-90d8819585dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25206", "type": "seen", "source": "https://t.me/cibsecurity/37523", "content": "\u203c CVE-2022-25206 \u203c\n\nA missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:51.000000Z"}, {"uuid": "449381fd-11d5-49fc-8ec2-b64bc38a83ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25205", "type": "seen", "source": "https://t.me/cibsecurity/37520", "content": "\u203c CVE-2022-25205 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:46.000000Z"}, {"uuid": "77da3037-0c5a-48ec-8d84-8f2b0e68d5a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25208", "type": "seen", "source": "https://t.me/cibsecurity/37510", "content": "\u203c CVE-2022-25208 \u203c\n\nA missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:31.000000Z"}, {"uuid": "58c24d12-d2be-46ad-81aa-924f3ad1d193", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25200", "type": "seen", "source": "https://t.me/cibsecurity/37507", "content": "\u203c CVE-2022-25200 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T20:35:25.000000Z"}]}