{"vulnerability": "CVE-2022-2719", "sightings": [{"uuid": "c6732680-64d3-4bef-8ae8-74deee8d61a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27191", "type": "seen", "source": "https://t.me/cibsecurity/39192", "content": "\u203c CVE-2022-27191 \u203c\n\ngolang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T12:10:16.000000Z"}, {"uuid": "515e9244-593d-4c19-80ec-e33b0aa7d55f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27191", "type": "seen", "source": "https://t.me/arpsyndicate/135", "content": "#ExploitObserverAlert\n\nCVE-2022-27191\n\nDESCRIPTION: Exploit Observer has 24 entries related to CVE-2022-27191. The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.\n\nFIRST-EPSS: 0.002530000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-13T01:04:00.000000Z"}, {"uuid": "1595e33a-75e6-4ff8-93a4-a60b8be03a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27192", "type": "seen", "source": "https://t.me/cibsecurity/39474", "content": "\u203c CVE-2022-27192 \u203c\n\nThe Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-24T01:29:16.000000Z"}, {"uuid": "477672b6-6fd0-4dbc-b842-cd1fa02a4f71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27199", "type": "seen", "source": "https://t.me/cibsecurity/38948", "content": "\u203c CVE-2022-27199 \u203c\n\nA missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:42.000000Z"}, {"uuid": "396ac023-b8bc-41b8-92d6-b9cdcd5a9781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27195", "type": "seen", "source": "https://t.me/cibsecurity/38936", "content": "\u203c CVE-2022-27195 \u203c\n\nJenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:27.000000Z"}, {"uuid": "dc9333de-e7cc-46c8-911f-8cac9b1a8701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27197", "type": "seen", "source": "https://t.me/cibsecurity/38947", "content": "\u203c CVE-2022-27197 \u203c\n\nJenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:41.000000Z"}]}