Update GobyVuls-Document.md

Goby 2023-05-22 19:03:04 +08:00 committed by GitHub
parent ee0205dd1b
commit 995cc6a41c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,7 +1,20 @@
[# Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: May 19, 2023**
**Updated document date: May 22, 2023**
## Apache Superset Permission Bypass Vulnerability (CVE-2023-27524)
| **Vulnerability** | **Apache Superset Permission Bypass Vulnerability (CVE-2023-27524)** |
| :----: | :-----|
| **Chinese name** | Apache Superset 权限绕过漏洞CVE-2023-27524 |
| **CVSS core** | 8.9 |
| **FOFA Query** (click to view the results directly)| [(title="Superset" && (body="appbuilder" \|\| body="\<img src=\"https://joinsuperset.com/img/supersetlogovector.svg")) \|\| body="\<a href=\"https://manage.app-sdx.preset.io\" class=\"button\">Back to workspaces\</a>\</section>" \|\| (body="/static/assets/dist/common.644ae7ae973b00abc14b.entry.js" \|\| (body="/static/assets/images/favicon.png" && body="/static/appbuilder/js/jquery-latest.js") && body="Superset") \|\| header="/superset/welcome/" \|\| title="500: Internal server error | Superset" \|\| title="404: Not found | Superset" \|\| banner="/superset/welcome/" \|\| banner="/superset/dashboard/"](https://en.fofa.info/result?qbase64=KHRpdGxlPSJTdXBlcnNldCIgJiYgKGJvZHk9ImFwcGJ1aWxkZXIiIHx8IGJvZHk9IjxpbWcgc3JjPVwiaHR0cHM6Ly9qb2luc3VwZXJzZXQuY29tL2ltZy9zdXBlcnNldGxvZ292ZWN0b3Iuc3ZnIikpIHx8IGJvZHk9IjxhIGhyZWY9XCJodHRwczovL21hbmFnZS5hcHAtc2R4LnByZXNldC5pb1wiIGNsYXNzPVwiYnV0dG9uXCI%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%3D) |
| **Number of assets affected** | 43325 |
| **Description** | Apache Superset is a data visualization and data exploration platform of the Apache Foundation. Apache Superset versions 2.0.1 and earlier have security vulnerabilities. Attackers exploit this vulnerability to verify and access unauthorized resources. |
| **Impact** | Attackers can exploit this vulnerability to verify and access unauthorized resources. |
![](https://s3.bmp.ovh/imgs/2023/05/22/46c693629791a204.gif)
## Apache Archiva RepositoryServlet internal Arbitrary File Read (CVE-2022-40308)
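Review bot: The row label "CVSS core" in the new CVE-2023-27524 table should read "CVSS score". The last sentence of the Description row and the whole Impact row say the same thing ("exploit this vulnerability to verify and access unauthorized resources"), so the Impact row adds nothing as written, and "verify" there reads as if "authenticate" was meant; reword one of the two so that Description covers the cause and Impact covers the consequence. The entry states only that versions 2.0.1 and earlier are affected, so a row naming the fixed version or a mitigation would let readers act on it.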