Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2022
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
CVSS Score
8.1
EPSS Score
0.006
Published
2022-07-27
CVE-2022-36882
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-07-27
CVE-2022-36883
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
CVSS Score
7.5
EPSS Score
0.762
Published
2022-07-27
CVE-2022-36884
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-07-27
CVE-2022-36885
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-07-27
CVE-2022-23099
OX App Suite through 7.10.6 allows XSS by forcing block-wise read.
CVSS Score
5.4
EPSS Score
0.007
Published
2022-07-27
CVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).
CVSS Score
9.8
EPSS Score
0.017
Published
2022-07-27
CVE-2022-23101
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-07-27
CVE-2022-24405
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.
CVSS Score
9.8
EPSS Score
0.016
Published
2022-07-27
CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-07-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved