{"vulnerability": "CVE-2022-3477", "sightings": [{"uuid": "72d3bca5-8981-4386-90e7-a219ebf07551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3477", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lzjt2cqpya26", "content": "", "creation_timestamp": "2025-09-23T21:02:24.478834Z"}, {"uuid": "001d47fa-02f2-49cb-bdff-01d0dc8f905c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34778", "type": "seen", "source": "https://t.me/cibsecurity/45452", "content": "\u203c CVE-2022-34778 \u203c\n\nJenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:44:00.000000Z"}, {"uuid": "874c9abd-6592-4e5d-b493-d1badec14514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34772", "type": "seen", "source": "https://t.me/cibsecurity/48510", "content": "\u203c CVE-2022-34772 \u203c\n\nTabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. 
Once again, this is an example of OWASP: API4 - Rate limiting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T18:26:55.000000Z"}, {"uuid": "de13701d-7b4c-4d75-843d-add1a7557973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34774", "type": "seen", "source": "https://t.me/cibsecurity/48507", "content": "\u203c CVE-2022-34774 \u203c\n\nTabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T18:26:49.000000Z"}, {"uuid": "b1bef4f6-a64f-4ddb-9596-3d2ead875517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34773", "type": "seen", "source": "https://t.me/cibsecurity/48492", "content": "\u203c CVE-2022-34773 \u203c\n\nTabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 \u00e2\u20ac\u201c Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T18:20:47.000000Z"}, {"uuid": "e5b31d23-c56c-4887-886f-a0ec510689c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34775", "type": "seen", "source": "https://t.me/cibsecurity/48490", "content": "\u203c CVE-2022-34775 \u203c\n\nTabit - Excessive data exposure. 
Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T18:20:45.000000Z"}, {"uuid": "7a99dfcf-bd6f-4d39-a118-c2553a8a0694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34779", "type": "seen", "source": "https://t.me/cibsecurity/45440", "content": "\u203c CVE-2022-34779 \u203c\n\nA missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:46.000000Z"}, {"uuid": "766c5545-edfe-4ee0-9b10-00f5acaab871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34777", "type": "seen", "source": "https://t.me/cibsecurity/45439", "content": "\u203c CVE-2022-34777 \u203c\n\nJenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:45.000000Z"}]}
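The CVE-2022-34772 sighting above describes a 4-digit OTP that can be resent and guessed without limit, which gives an attacker a complete 10,000-code search per target. The Python below is an added example written for this page to make that failure mode measurable; it is not Tabit's code and says nothing about Tabit's actual implementation. The class and function names, the policy values (5 wrong guesses per code, 3 codes per 10-minute window, 5-minute code lifetime) and the phone numbers are illustrative assumptions.

```python
"""Added example: a 4-digit OTP login modelled two ways, weak and rate limited.
Not Tabit's code; all names, limits and phone numbers are illustrative assumptions."""
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy values, chosen for illustration.
MAX_FAILED_ATTEMPTS = 5        # wrong guesses before the current code is invalidated
MAX_SENDS_PER_WINDOW = 3       # codes issued per phone per window (the first send counts)
SEND_WINDOW_SECONDS = 600      # length of the send-limit window
OTP_TTL_SECONDS = 300          # lifetime of one code


def random_code():
    return f"{secrets.randbelow(10_000):04d}"


@dataclass
class OtpState:
    code: str
    issued_at: float
    failed_attempts: int = 0


class UnlimitedOtpService:
    """The weak design: any number of resends, any number of guesses per code."""

    def __init__(self, code_source=random_code):
        self.code_source = code_source
        self.active = {}

    def send(self, phone):
        self.active[phone] = self.code_source()
        return True

    def verify(self, phone, guess):
        code = self.active.get(phone, "")
        return hmac.compare_digest(code.encode(), guess.encode())


class RateLimitedOtpService:
    """Hardened design: per-phone send throttling, a guess budget per code, a TTL and
    single-use codes. Send history lives apart from the active code, so burning a
    code after too many failures does not reset the send limit."""

    def __init__(self, clock=time.monotonic, code_source=random_code):
        self.clock = clock
        self.code_source = code_source
        self.active = {}   # phone -> OtpState for the current code
        self.sends = {}    # phone -> timestamps of codes issued

    def send(self, phone):
        now = self.clock()
        recent = [t for t in self.sends.get(phone, []) if now - t < SEND_WINDOW_SECONDS]
        if len(recent) >= MAX_SENDS_PER_WINDOW:
            return False                      # refuse; no fresh code is issued
        recent.append(now)
        self.sends[phone] = recent
        self.active[phone] = OtpState(code=self.code_source(), issued_at=now)
        return True

    def verify(self, phone, guess):
        state = self.active.get(phone)
        if state is None:
            return False                      # expired, burned, already used or never sent
        if self.clock() - state.issued_at > OTP_TTL_SECONDS:
            del self.active[phone]
            return False
        if hmac.compare_digest(state.code.encode(), guess.encode()):
            del self.active[phone]            # single use
            return True
        state.failed_attempts += 1
        if state.failed_attempts >= MAX_FAILED_ATTEMPTS:
            del self.active[phone]            # burn the code; a new send is required
        return False


class FakeClock:
    """Deterministic clock so the time windows can be exercised offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def brute_force(service, phone):
    """Guess 0000..9999 in order against one issued code.
    Returns the number of guesses needed, or None if no guess was ever accepted."""
    for n in range(10_000):
        if service.verify(phone, f"{n:04d}"):
            return n + 1
    return None


def attacker_budget(service, phone, rounds=100):
    """Attacker who alternates a resend with MAX_FAILED_ATTEMPTS sequential guesses
    until a resend is refused. Returns (found, guesses_made)."""
    guesses = 0
    for _ in range(rounds):
        if not service.send(phone):
            break
        for _ in range(MAX_FAILED_ATTEMPTS):
            guess = f"{guesses % 10_000:04d}"
            guesses += 1
            if service.verify(phone, guess):
                return True, guesses
    return False, guesses


if __name__ == "__main__":
    weak = UnlimitedOtpService()
    weak.send("+15550100")                    # constructed sample phone number
    print("unlimited service cracked after", brute_force(weak, "+15550100"), "guesses")
    hardened = RateLimitedOtpService(clock=FakeClock())
    print("hardened service (found, guesses):", attacker_budget(hardened, "+15550100"))
```

The detail worth checking in a real implementation is where the send history is stored: if it lived on the per-code state, invalidating the code after five failures would also reset the resend counter, and the attacker would be back to unlimited guessing in batches of five. Kept separately, the attacker gets at most 15 guesses per window here, so the 4-digit space is no longer searchable in one session.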