{"vulnerability": "CVE-2022-2761", "sightings": [{"uuid": "00861eb3-d625-4599-98ec-d4afd9d539f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27619", "type": "seen", "source": "https://t.me/cibsecurity/47473", "content": "\u203c CVE-2022-27619 \u203c\n\nCleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T07:18:23.000000Z"}, {"uuid": "55dac81d-61c6-463a-9649-5114d4f9ac7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2761", "type": "seen", "source": "https://t.me/cibsecurity/52807", "content": "\u203c CVE-2022-2761 \u203c\n\nAn information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T02:50:00.000000Z"}, {"uuid": "44d26b16-2f66-4866-9877-22f7e05ebc62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2761", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14394", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2761\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.\n\ud83d\udccf Published: 2022-11-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T19:35:56.179Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/370458\n2. https://hackerone.com/reports/1653149\n3. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2761.json", "creation_timestamp": "2025-05-01T20:15:57.000000Z"}, {"uuid": "268f2dfd-9c11-40a0-bc4c-a5bf636d4228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27616", "type": "seen", "source": "https://t.me/cibsecurity/47474", "content": "\u203c CVE-2022-27616 \u203c\n\nImproper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T07:18:24.000000Z"}, {"uuid": "fecb06e8-44c5-4757-b553-941ee28bc687", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27618", "type": "seen", "source": "https://t.me/cibsecurity/47469", "content": "\u203c CVE-2022-27618 \u203c\n\nImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T07:18:19.000000Z"}, {"uuid": "8ad17830-a0c4-4c5f-a969-582491e76503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27617", "type": "seen", "source": "https://t.me/cibsecurity/47467", "content": "\u203c CVE-2022-27617 \u203c\n\nImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T07:18:17.000000Z"}, {"uuid": "10df8127-717f-4a61-abe4-4fc974007898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27612", "type": "seen", "source": "https://t.me/cibsecurity/47184", "content": "\u203c CVE-2022-27612 \u203c\n\nBuffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T12:18:29.000000Z"}, {"uuid": "ae861d0e-5131-4928-847d-a29b66ca8c16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27611", "type": "seen", "source": "https://t.me/cibsecurity/47187", "content": "\u203c CVE-2022-27611 \u203c\n\nImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T12:18:33.000000Z"}, {"uuid": "0f45f93f-6721-4981-8c34-157890d89be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27614", "type": "seen", "source": "https://t.me/cibsecurity/47185", "content": "\u203c CVE-2022-27614 \u203c\n\nExposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T12:18:30.000000Z"}, {"uuid": "74909a85-7a35-4b55-b391-495ecff9760f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27613", "type": "seen", "source": "https://t.me/cibsecurity/47181", "content": "\u203c CVE-2022-27613 \u203c\n\nImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T12:18:26.000000Z"}]}