admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 18:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2023-05-22 19:03:04 +08:00 committed by GitHub
parent ee0205dd1b
commit 995cc6a41c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
GobyVuls-Document.md
View File

@ -1,7 +1,20 @@
[# Goby History Update Vulnerability Total Document (Continuously Update) [# Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing. The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: May 19, 2023** **Updated document date: May 22, 2023**
## Apache Superset Permission Bypass Vulnerability (CVE-2023-27524)
| **Vulnerability** | **Apache Superset Permission Bypass Vulnerability (CVE-2023-27524)** |
| :----: | :-----|
| **Chinese name** | Apache Superset 权限绕过漏洞CVE-2023-27524 |
| **CVSS core** | 8.9 |
| **FOFA Query** (click to view the results directly)| [(title="Superset" && (body="appbuilder" \|\| body="\<img src=\"https://joinsuperset.com/img/supersetlogovector.svg")) \|\| body="\<a href=\"https://manage.app-sdx.preset.io\" class=\"button\">Back to workspaces\</a>\</section>" \|\| (body="/static/assets/dist/common.644ae7ae973b00abc14b.entry.js" \|\| (body="/static/assets/images/favicon.png" && body="/static/appbuilder/js/jquery-latest.js") && body="Superset") \|\| header="/superset/welcome/" \|\| title="500: Internal server error | Superset" \|\| title="404: Not found | Superset" \|\| banner="/superset/welcome/" \|\| banner="/superset/dashboard/"](https://en.fofa.info/result?qbase64=KHRpdGxlPSJTdXBlcnNldCIgJiYgKGJvZHk9ImFwcGJ1aWxkZXIiIHx8IGJvZHk9IjxpbWcgc3JjPVwiaHR0cHM6Ly9qb2luc3VwZXJzZXQuY29tL2ltZy9zdXBlcnNldGxvZ292ZWN0b3Iuc3ZnIikpIHx8IGJvZHk9IjxhIGhyZWY9XCJodHRwczovL21hbmFnZS5hcHAtc2R4LnByZXNldC5pb1wiIGNsYXNzPVwiYnV0dG9uXCI%2BQmFjayB0byB3b3Jrc3BhY2VzPC9hPjwvc2VjdGlvbj4iIHx8IChib2R5PSIvc3RhdGljL2Fzc2V0cy9kaXN0L2NvbW1vbi42NDRhZTdhZTk3M2IwMGFiYzE0Yi5lbnRyeS5qcyIgfHwgKGJvZHk9Ii9zdGF0aWMvYXNzZXRzL2ltYWdlcy9mYXZpY29uLnBuZyIgJiYgYm9keT0iL3N0YXRpYy9hcHBidWlsZGVyL2pzL2pxdWVyeS1sYXRlc3QuanMiKSAmJiBib2R5PSJTdXBlcnNldCIpIHx8IGhlYWRlcj0iL3N1cGVyc2V0L3dlbGNvbWUvIiB8fCAgdGl0bGU9IjUwMDogSW50ZXJuYWwgc2VydmVyIGVycm9yIHwgU3VwZXJzZXQiIHx8IHRpdGxlPSI0MDQ6IE5vdCBmb3VuZCB8IFN1cGVyc2V0IiB8fCBiYW5uZXI9Ii9zdXBlcnNldC93ZWxjb21lLyIgfHwgYmFubmVyPSIvc3VwZXJzZXQvZGFzaGJvYXJkLyI%3D) |
| **Number of assets affected** | 43325 |
| **Description** | Apache Superset is a data visualization and data exploration platform of the Apache Foundation. Apache Superset versions 2.0.1 and earlier have security vulnerabilities. Attackers exploit this vulnerability to verify and access unauthorized resources. |
| **Impact** | Attackers can exploit this vulnerability to verify and access unauthorized resources. |
![](https://s3.bmp.ovh/imgs/2023/05/22/46c693629791a204.gif)
## Apache Archiva RepositoryServlet internal Arbitrary File Read (CVE-2022-40308) ## Apache Archiva RepositoryServlet internal Arbitrary File Read (CVE-2022-40308)