<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 08 Jul 2026 20:31:02 +0000</lastBuildDate>
    <item>
      <title>39e80f4f-e273-4045-a04e-c88439f57324</title>
      <link>https://vulnerability.circl.lu/sighting/39e80f4f-e273-4045-a04e-c88439f57324/export</link>
      <description>{"uuid": "39e80f4f-e273-4045-a04e-c88439f57324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28147", "type": "seen", "source": "https://t.me/cibsecurity/39740", "content": "\u203c CVE-2022-28147 \u203c\n\nA missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T17:00:46.000000Z"}</description>
      <content:encoded>{"uuid": "39e80f4f-e273-4045-a04e-c88439f57324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28147", "type": "seen", "source": "https://t.me/cibsecurity/39740", "content": "\u203c CVE-2022-28147 \u203c\n\nA missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T17:00:46.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/39e80f4f-e273-4045-a04e-c88439f57324/export</guid>
      <pubDate>Tue, 29 Mar 2022 17:00:46 +0000</pubDate>
    </item>
    <item>
      <title>6b4eae85-d839-4cb1-a818-4860ddb2b2b4</title>
      <link>https://vulnerability.circl.lu/sighting/6b4eae85-d839-4cb1-a818-4860ddb2b2b4/export</link>
      <description>{"uuid": "6b4eae85-d839-4cb1-a818-4860ddb2b2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28140", "type": "seen", "source": "https://t.me/cibsecurity/39737", "content": "\u203c CVE-2022-28140 \u203c\n\nJenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:30.000000Z"}</description>
      <content:encoded>{"uuid": "6b4eae85-d839-4cb1-a818-4860ddb2b2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28140", "type": "seen", "source": "https://t.me/cibsecurity/39737", "content": "\u203c CVE-2022-28140 \u203c\n\nJenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:30.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6b4eae85-d839-4cb1-a818-4860ddb2b2b4/export</guid>
      <pubDate>Tue, 29 Mar 2022 16:41:30 +0000</pubDate>
    </item>
    <item>
      <title>5e58abd7-87b8-4056-9efa-e4873423649c</title>
      <link>https://vulnerability.circl.lu/sighting/5e58abd7-87b8-4056-9efa-e4873423649c/export</link>
      <description>{"uuid": "5e58abd7-87b8-4056-9efa-e4873423649c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28148", "type": "seen", "source": "https://t.me/cibsecurity/39735", "content": "\u203c CVE-2022-28148 \u203c\n\nThe file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:28.000000Z"}</description>
      <content:encoded>{"uuid": "5e58abd7-87b8-4056-9efa-e4873423649c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28148", "type": "seen", "source": "https://t.me/cibsecurity/39735", "content": "\u203c CVE-2022-28148 \u203c\n\nThe file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:28.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5e58abd7-87b8-4056-9efa-e4873423649c/export</guid>
      <pubDate>Tue, 29 Mar 2022 16:41:28 +0000</pubDate>
    </item>
    <item>
      <title>92a3b60d-44ab-4613-815c-c7b1bf2de39a</title>
      <link>https://vulnerability.circl.lu/sighting/92a3b60d-44ab-4613-815c-c7b1bf2de39a/export</link>
      <description>{"uuid": "92a3b60d-44ab-4613-815c-c7b1bf2de39a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28142", "type": "seen", "source": "https://t.me/cibsecurity/39734", "content": "\u203c CVE-2022-28142 \u203c\n\nJenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:27.000000Z"}</description>
      <content:encoded>{"uuid": "92a3b60d-44ab-4613-815c-c7b1bf2de39a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28142", "type": "seen", "source": "https://t.me/cibsecurity/39734", "content": "\u203c CVE-2022-28142 \u203c\n\nJenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:27.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/92a3b60d-44ab-4613-815c-c7b1bf2de39a/export</guid>
      <pubDate>Tue, 29 Mar 2022 16:41:27 +0000</pubDate>
    </item>
    <item>
      <title>7bd6099e-82ce-446c-90a6-4ffede224ff2</title>
      <link>https://vulnerability.circl.lu/sighting/7bd6099e-82ce-446c-90a6-4ffede224ff2/export</link>
      <description>{"uuid": "7bd6099e-82ce-446c-90a6-4ffede224ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28146", "type": "seen", "source": "https://t.me/cibsecurity/39733", "content": "\u203c CVE-2022-28146 \u203c\n\nJenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:26.000000Z"}</description>
      <content:encoded>{"uuid": "7bd6099e-82ce-446c-90a6-4ffede224ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28146", "type": "seen", "source": "https://t.me/cibsecurity/39733", "content": "\u203c CVE-2022-28146 \u203c\n\nJenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:26.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7bd6099e-82ce-446c-90a6-4ffede224ff2/export</guid>
      <pubDate>Tue, 29 Mar 2022 16:41:26 +0000</pubDate>
    </item>
    <item>
      <title>7f231516-f741-4a6e-a599-f87a08402c28</title>
      <link>https://vulnerability.circl.lu/sighting/7f231516-f741-4a6e-a599-f87a08402c28/export</link>
      <description>{"uuid": "7f231516-f741-4a6e-a599-f87a08402c28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28145", "type": "seen", "source": "https://t.me/cibsecurity/39726", "content": "\u203c CVE-2022-28145 \u203c\n\nJenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:13.000000Z"}</description>
      <content:encoded>{"uuid": "7f231516-f741-4a6e-a599-f87a08402c28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28145", "type": "seen", "source": "https://t.me/cibsecurity/39726", "content": "\u203c CVE-2022-28145 \u203c\n\nJenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:13.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7f231516-f741-4a6e-a599-f87a08402c28/export</guid>
      <pubDate>Tue, 29 Mar 2022 16:41:13 +0000</pubDate>
    </item>
    <item>
      <title>31c44215-9634-4f94-871f-e07d84d23f14</title>
      <link>https://vulnerability.circl.lu/sighting/31c44215-9634-4f94-871f-e07d84d23f14/export</link>
      <description>{"uuid": "31c44215-9634-4f94-871f-e07d84d23f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28149", "type": "seen", "source": "https://t.me/cibsecurity/39723", "content": "\u203c CVE-2022-28149 \u203c\n\nJenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:11.000000Z"}</description>
      <content:encoded>{"uuid": "31c44215-9634-4f94-871f-e07d84d23f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28149", "type": "seen", "source": "https://t.me/cibsecurity/39723", "content": "\u203c CVE-2022-28149 \u203c\n\nJenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:11.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/31c44215-9634-4f94-871f-e07d84d23f14/export</guid>
      <pubDate>Tue, 29 Mar 2022 16:41:11 +0000</pubDate>
    </item>
  </channel>
</rss>
