{"vulnerability": "CVE-2023-2445", "sightings": [{"uuid": "4ef63f4c-6a6d-4e33-9a7e-dbfed3d1b666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24453", "type": "seen", "source": "https://t.me/arpsyndicate/3087", "content": "#ExploitObserverAlert\n\nCVE-2023-24453\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-24453. A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.\n\nFIRST-EPSS: 0.000480000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2024-01-26T21:58:22.000000Z"}, {"uuid": "ea4f187f-daa9-4879-8130-b113b8e63ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24459", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9948", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24459\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T16:07:06.060Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2745", "creation_timestamp": "2025-04-01T16:32:32.000000Z"}, {"uuid": "6e18d32c-d798-4a70-9c68-f2e279ef8a1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2445", "type": "seen", "source": "https://t.me/cibsecurity/63164", "content": "\u203c CVE-2023-2445 \u203c\n\nImproper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-02T18:30:14.000000Z"}, {"uuid": "9d262d0b-53b8-472c-a467-4f08241580f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24452", "type": "seen", "source": "https://t.me/cibsecurity/56977", "content": "\u203c CVE-2023-24452 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:39:17.000000Z"}, {"uuid": "571bc49c-b3b3-474c-a330-25472c9bcaef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24450", "type": "seen", "source": "https://t.me/cibsecurity/56974", "content": "\u203c CVE-2023-24450 \u203c\n\nJenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:39:14.000000Z"}, {"uuid": "5115e037-a5ea-4754-a597-8d2f70a581ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24451", "type": "seen", "source": "https://t.me/cibsecurity/57011", "content": "\u203c CVE-2023-24451 \u203c\n\nA missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:47:06.000000Z"}]}