{"vulnerability": "CVE-2022-4123", "sightings": [{"uuid": "3caaea06-a9a2-4f0a-adeb-1580fa23efcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41231", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m2rhogr3vus2", "content": "", "creation_timestamp": "2025-10-09T15:25:48.531481Z"}, {"uuid": "36ac4408-4c13-4e1c-b9cc-23a7cffc5e45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41239", "type": "seen", "source": "https://t.me/cibsecurity/50218", "content": "\u203c CVE-2022-41239 \u203c\n\nJenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:30.000000Z"}, {"uuid": "3b78aa40-b3ab-4b3d-91af-79e76367a451", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41236", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m2pio5viapa2", "content": "", "creation_timestamp": "2025-10-08T20:38:12.299130Z"}, {"uuid": "1ba9f26f-4660-44f0-bfd7-71de3eb06534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41236", "type": "seen", "source": "https://t.me/cibsecurity/50203", "content": "\u203c CVE-2022-41236 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:14.000000Z"}, {"uuid": "f174fdcd-0170-484c-8d8e-3c558c62b0d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41234", "type": "seen", "source": "https://t.me/cibsecurity/50199", "content": "\u203c CVE-2022-41234 \u203c\n\nJenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:09.000000Z"}, {"uuid": "56a2dcf0-e7f4-4eed-ab0f-bc0fd72766a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4123", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12982", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4123\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.\n\ud83d\udccf Published: 2022-12-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T20:33:21.916Z\n\ud83d\udd17 References:\n1. https://bugzilla.redhat.com/show_bug.cgi?id=2144989", "creation_timestamp": "2025-04-22T21:04:23.000000Z"}, {"uuid": "75bcc7aa-3416-45f5-b61a-54c83b0cb97b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4123", "type": "seen", "source": "https://t.me/cibsecurity/54175", "content": "\u203c CVE-2022-4123 \u203c\n\nA flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-08T18:17:57.000000Z"}, {"uuid": "6c67a717-bafd-417d-91f7-530f02057cd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41230", "type": "seen", "source": "https://t.me/cibsecurity/50211", "content": "\u203c CVE-2022-41230 \u203c\n\nJenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:22.000000Z"}, {"uuid": "3751bee4-3019-410c-ab6b-fada0849df7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41235", "type": "seen", "source": "https://t.me/cibsecurity/50206", "content": "\u203c CVE-2022-41235 \u203c\n\nJenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:17.000000Z"}, {"uuid": "f31f7d82-51d3-4584-b213-27a1e78df090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41237", "type": "seen", "source": "https://t.me/cibsecurity/50209", "content": "\u203c CVE-2022-41237 \u203c\n\nJenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:20.000000Z"}]}