admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2024-02-06 11:33:57 +08:00 committed by GitHub
parent 316bda02d3
commit d38b0ef97c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
GobyVuls-Document.md
View File

@ -1,7 +1,23 @@
# Goby History Update Vulnerability Total Document (Continuously Update) # Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing. The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: January 26, 2024** **Updated document date: February 6, 2024**
## Ivanti Connect Secure and Policy Secure saml20.ws server-side request forgery vulnerability (CVE-2024-21893)
| **Vulnerability** | Ivanti Connect Secure and Policy Secure saml20.ws server-side request forgery vulnerability (CVE-2024-21893) |
| :----: | :-----|
| **Chinese name** | JIvanti Connect Secure 和 Policy Secure saml20.ws 服务端请求伪造漏洞CVE-2024-21893 |
| **CVSS core** | 8.2 |
| **FOFA Query** (click to view the results directly)| [app="PulseSecure-SSL-VPN"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJEU0Jyb3dzZXJJRCIgfHwgYmFubmVyPSJEU0Jyb3dzZXJJRCIgfHwgYm9keT0iL2RhbmEtbmEvO2V4cGlyZXM9IiB8fCBib2R5PSJkYW5hLWNhY2hlZC9pbWdzL3NwYWNlLmdpZiIgfHwgYm9keT0iL2RhbmEtbmEvaW1ncy9zcGFjZS5naWYiIHx8IGJvZHk9Ii9kYW5hLW5hL2ltZ3MvUHJvZHVjdF9mYXZpY29uLnBuZyIgfHwgYm9keT0iL2RhbmEtbmEvaW1ncy9JdmFudGlfZmF2aWNvbi5wbmciIHx8IGJvZHk9Ii9kYW5hLW5hL2Nzcy9kcy5qcyIgfHwgYm9keT0iZHNfbW9iaWxlX3NhZmFyaS5jc3MiIHx8IGJvZHk9IndlbGNvbWUuY2dpP3A9bG9nbyZzaWduaW5JZD11cmxfZGVmYXVsdCIgfHwgYm9keT0iPGI%2BUHVsc2UgQ29ubmVjdCBTZWN1cmU8L2I%2BIiB8fCB0aXRsZT0iU2VjdXJlIEFjY2VzcyBTU0wgVlBOIiB8fCBiYW5uZXI9Ii9kYW5hLW5hL2F1dGgvdXJsX2RlZmF1bHQiIHx8IGhlYWRlcj0iL2RhbmEtbmEvYXV0aC91cmxfZGVmYXVsdCIgfHwgYm9keT0ic3JjPVwiL2RhbmEtbmEvYXV0aC8i)|
| **Number of assets affected** | 399547 |
| **Description** | Ivanti Connect/Policy Secure is a secure remote network connection tool from the American company Ivanti.Ivanti Connect Secure product saml20.ws has a server-side request forgery vulnerability. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state. |
| **Impact** | Ivanti Connect Secure product saml20.ws has a server-side request forgery vulnerability. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state. |
![](https://s3.bmp.ovh/imgs/2024/02/06/b02b7373188c6998.gif).
## Jenkins args4j file read vulnerability (CVE-2024-23897) ## Jenkins args4j file read vulnerability (CVE-2024-23897)