{"vulnerability": "CVE-2022-4539", "sightings": [{"uuid": "dc70d6ef-e76c-4c8d-890b-99e456cd92ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45399", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lzuqjgcuhyc2", "content": "", "creation_timestamp": "2025-09-28T05:16:33.914135Z"}, {"uuid": "e6ac4605-e54d-471a-ab60-ab69997bd4af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45394", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lzw27u2pjo22", "content": "", "creation_timestamp": "2025-09-28T17:42:47.637099Z"}, {"uuid": "c4617c94-1001-4ffa-8b71-968931dd6ec6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45393", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lzveiiq5v5h2", "content": "", "creation_timestamp": "2025-09-28T11:13:56.920804Z"}, {"uuid": "fa455cfd-39ee-4ca2-9ecb-e0f49438ae12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45394", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45394\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:10:31.839Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T17:13:14.000000Z"}, {"uuid": "97ff3171-2cd3-4e96-8cfb-978031d90277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45392", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lzyk6ullnhq2", "content": "", "creation_timestamp": "2025-09-29T17:33:53.792975Z"}, {"uuid": "254bb3a4-7a13-4ce9-bf41-c97f5afba818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45393", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14096", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45393\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:12:24.591Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T17:13:12.000000Z"}, {"uuid": "1ba41d42-755f-4fda-b016-0fac980a2279", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45397", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14073", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45397\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:04:59.949Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2937\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T16:14:00.000000Z"}, {"uuid": "08e7b30d-460a-4010-a60e-bbaad42e5774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45396", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14072", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45396\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:05:47.057Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2927\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T16:13:59.000000Z"}, {"uuid": "a65fe6b8-8dbc-4202-80b1-616adeb92aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45392", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14095", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45392\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:23:23.329Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2912\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T17:13:11.000000Z"}, {"uuid": "74174a58-733e-4915-a937-d23c22252b43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45399", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14078", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45399\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:02:02.738Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T16:14:08.000000Z"}, {"uuid": "77d442fa-2c7a-4856-9006-b59de66b61ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45398", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14075", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45398\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:03:32.134Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T16:14:05.000000Z"}, {"uuid": "12560f4d-ba0c-4c4b-8554-6528f9d0bf0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45390", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14117", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45390\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T17:35:35.181Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2857\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T18:14:29.000000Z"}, {"uuid": "092aa1a0-74b3-4ef9-80c9-ff4860f93268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45395", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14100", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45395\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:09:04.009Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2921\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T17:13:18.000000Z"}, {"uuid": "2f1bc9e3-0d7e-4572-9d23-b79537e6da24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45390", "type": "seen", "source": "https://t.me/cibsecurity/52988", "content": "\u203c CVE-2022-45390 \u203c\n\nA missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-16T07:54:36.000000Z"}, {"uuid": "066e4805-01aa-444a-b296-2248368fdb91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4539", "type": "seen", "source": "https://t.me/cvedetector/4576", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-4539 - WordPress Web Application Firewall IP Address Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-4539 \nPublished : Aug. 31, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-31T13:23:06.000000Z"}]}