admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2023-32315.md

Browse Source 
add CVE-2023-32315
This commit is contained in:
Goby 2023-06-16 21:27:51 +08:00 committed by GitHub
parent 5ed0a01367
commit a1f4aa29ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2023-32315.md Normal file
View File

@ -0,0 +1,12 @@
## Ignite Realtime Openfire Permission Bypass Vulnerability (CVE-2023-32315)
| **Vulnerability** | **Ignite Realtime Openfire Permission Bypass Vulnerability (CVE-2023-32315)** |
| :----: | :-----|
| **Chinese name** | Ignite Realtime Openfire 权限绕过漏洞CVE-2023-32315 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [(body="background: transparent url(images/login_logo.gif) no-repeat" && body="Openfire") \|\| (body="class=\"row justify-content-center\"" && body="\<title>Openfire 管理界面\</title>") \|\| title="Openfire Admin Console" \|\| title="Openfire HTTP Binding Service" \|\| (body="align=\"right\" id=\"jive-loginVersion" && body="Openfire") \|\| title="Открытый огонь Консоль Администрации" \|\| title=="Openfire 管理界面"](https://en.fofa.info/result?qbase64=KGJvZHk9ImJhY2tncm91bmQ6IHRyYW5zcGFyZW50IHVybChpbWFnZXMvbG9naW5fbG9nby5naWYpIG5vLXJlcGVhdCIgJiYgYm9keT0iT3BlbmZpcmUiKSB8fCAoYm9keT0iY2xhc3M9XCJyb3cganVzdGlmeS1jb250ZW50LWNlbnRlclwiIiAmJiBib2R5PSI8dGl0bGU%2BT3BlbmZpcmUg566h55CG55WM6Z2iPC90aXRsZT4iKSB8fCB0aXRsZT0iT3BlbmZpcmUgQWRtaW4gQ29uc29sZSIgfHwgdGl0bGU9Ik9wZW5maXJlIEhUVFAgQmluZGluZyBTZXJ2aWNlIiB8fCAoYm9keT0iYWxpZ249XCJyaWdodFwiIGlkPVwiaml2ZS1sb2dpblZlcnNpb24iICYmIGJvZHk9Ik9wZW5maXJlIikgfHwgdGl0bGU9ItCe0YLQutGA0YvRgtGL0Lkg0L7Qs9C%2B0L3RjCDQmtC%2B0L3RgdC%2B0LvRjCDQkNC00LzQuNC90LjRgdGC0YDQsNGG0LjQuCIgfHwgdGl0bGU9PSJPcGVuZmlyZSDnrqHnkIbnlYzpnaIi) |
| **Number of assets affected** | 49936 |
| **Description** | Apache RocketMQ is a lightweight data processing platform and messaging engine developed by the Apache Software Foundation in the United States. There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
| **Impact** | There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
![](https://s3.bmp.ovh/imgs/2023/06/16/ab6c2f05e446d56a.gif)