{"vulnerability": "CVE-2022-3095", "sightings": [{"uuid": "4e72d21e-7d34-489d-bdd1-12a3d00cfc06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30950", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m54nyqx32y72", "content": "", "creation_timestamp": "2025-11-08T13:08:25.090629Z"}, {"uuid": "4821c6f6-5113-47d4-b1ca-af87cb2d08c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30951", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m55c2xlfsbc2", "content": "", "creation_timestamp": "2025-11-08T19:07:54.931713Z"}, {"uuid": "40c1fe0e-6cfe-47bb-9c6a-465cdfda4e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30952", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m55v6w3xov72", "content": "", "creation_timestamp": "2025-11-09T00:49:51.116833Z"}, {"uuid": "2f6d471a-01ba-4d92-a171-c9f90681b16f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30954", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m52636ms7742", "content": "", "creation_timestamp": "2025-11-07T13:18:02.327731Z"}, {"uuid": "d2784891-c703-4b22-852d-e045fc56a1ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30955", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m53fcha3ppc2", "content": "", "creation_timestamp": "2025-11-08T01:00:28.047269Z"}, {"uuid": "8c1d642f-54d2-43c9-88fd-330a73c361d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3095", "type": "seen", "source": "https://t.me/cibsecurity/52166", "content": "\u203c CVE-2022-3095 \u203c\n\nThe implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T20:33:33.000000Z"}, {"uuid": "b10fd56e-fa41-4578-a573-e5eed27356fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30951", "type": "seen", "source": "https://t.me/cibsecurity/42810", "content": "\u203c CVE-2022-30951 \u203c\n\nJenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:35.000000Z"}, {"uuid": "3e764304-fb2a-4f9b-9920-7c892e4d76d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30959", "type": "seen", "source": "https://t.me/cibsecurity/42812", "content": "\u203c CVE-2022-30959 \u203c\n\nA missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:38.000000Z"}, {"uuid": "c52c8b35-cb29-4f3c-b5d5-e19ad7838287", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30950", "type": "seen", "source": "https://t.me/cibsecurity/42822", "content": "\u203c CVE-2022-30950 \u203c\n\nJenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:51.000000Z"}, {"uuid": "00daf412-3aa2-4ff2-ba56-dcd06ebb7d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30954", "type": "seen", "source": "https://t.me/cibsecurity/42817", "content": "\u203c CVE-2022-30954 \u203c\n\nJenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:44.000000Z"}, {"uuid": "7ccac62d-3a9d-46f5-aac0-1ee715aade8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30956", "type": "seen", "source": "https://t.me/cibsecurity/42815", "content": "\u203c CVE-2022-30956 \u203c\n\nJenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:41.000000Z"}, {"uuid": "2f9db053-0a7a-452d-a0ce-0ee3cbe054ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30958", "type": "seen", "source": "https://t.me/cibsecurity/42814", "content": "\u203c CVE-2022-30958 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:40.000000Z"}]}