admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 18:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2023-10-10 13:02:37 +08:00 committed by GitHub
parent cbaf58ce6a
commit e5d2039a16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
GobyVuls-Document.md
View File

@ -9,7 +9,7 @@ The following content is an updated vulnerability from Goby. Some of the vulnera
| :----: | :-----|
| **Chinese name** | Apache Superset Cookie 权限绕过漏洞CVE-2023-27524 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="APACHE-Superset"]([https://en.fofa.info/result?qbase64=dGl0bGU9IlJldml2ZSBBZHNlcnZlciIgfHwgYm9keT0ic3RyUGFzc3dvcmRNaW5MZW5ndGgiIHx8IGJvZHk9IldlbGNvbWUgdG8gUmV2aXZlIEFkc2VydmVyIg%3D%3D](https://en.fofa.info/result?qbase64=dGl0bGU9IkF1dGhlbnRpY2F0ZSBQbGVhc2UhIiB8fCBib2R5PSJwYXNzd29yZDp0aGlzLnJlZnMucGFzc3dvcmQudmFsdWUiIHx8IGJvZHk9IlVJa2l0LmNvbXBvbmVudHMuZm9ybVBhc3N3b3JkLnByb3RvdHlwZS5kZWZhdWx0cy5sYmxTaG93IiB8fCBib2R5PSJBcHAucmVxdWVzdCgnL2F1dGgvY2hlY2snIg%3D%3D))|
| **FOFA Query** (click to view the results directly)| [app="APACHE-Superset"](https://en.fofa.info/result?qbase64=KHRpdGxlPSJTdXBlcnNldCIgJiYgKGJvZHk9ImFwcGJ1aWxkZXIiIHx8IGJvZHk9IjxpbWcgc3JjPVwiaHR0cHM6Ly9qb2luc3VwZXJzZXQuY29tL2ltZy9zdXBlcnNldGxvZ292ZWN0b3Iuc3ZnIikpIHx8IGJvZHk9IjxhIGhyZWY9XCJodHRwczovL21hbmFnZS5hcHAtc2R4LnByZXNldC5pb1wiIGNsYXNzPVwiYnV0dG9uXCI%2BQmFjayB0byB3b3Jrc3BhY2VzPC9hPjwvc2VjdGlvbj4iIHx8IChib2R5PSIvc3RhdGljL2Fzc2V0cy9kaXN0L2NvbW1vbi42NDRhZTdhZTk3M2IwMGFiYzE0Yi5lbnRyeS5qcyIgfHwgKGJvZHk9Ii9zdGF0aWMvYXNzZXRzL2ltYWdlcy9mYXZpY29uLnBuZyIgJiYgYm9keT0iL3N0YXRpYy9hcHBidWlsZGVyL2pzL2pxdWVyeS1sYXRlc3QuanMiKSAmJiBib2R5PSJTdXBlcnNldCIpIHx8IGhlYWRlcj0iL3N1cGVyc2V0L3dlbGNvbWUvIiB8fCB0aXRsZT0iNTAwOiBJbnRlcm5hbCBzZXJ2ZXIgZXJyb3IgfCBTdXBlcnNldCIgfHwgdGl0bGU9IjQwNDogTm90IGZvdW5kIHwgU3VwZXJzZXQiIHx8IGJhbm5lcj0iL3N1cGVyc2V0L3dlbGNvbWUvIiB8fCBiYW5uZXI9Ii9zdXBlcnNldC9kYXNoYm9hcmQvIg%3D%3D)|
| **Number of assets affected** | 56089 |
| **Description** | Apache Superset is an open source modern data exploration and visualization platform.Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state. |
| **Impact** | Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state. |
@ -23,7 +23,7 @@ The following content is an updated vulnerability from Goby. Some of the vulnera
| :----: | :-----|
| **Chinese name** | Cockpit assetsmanager/upload 文件上传漏洞CVE-2023-1313 |
| **CVSS core** | 7.2 |
| **FOFA Query** (click to view the results directly)| [title="Authenticate Please!" \|\| body="password:this.refs.password.value" \|\| body="UIkit.components.formPassword.prototype.defaults.lblShow" \|\| body="App.request('/auth/check'"]([https://en.fofa.info/result?qbase64=dGl0bGU9IlJldml2ZSBBZHNlcnZlciIgfHwgYm9keT0ic3RyUGFzc3dvcmRNaW5MZW5ndGgiIHx8IGJvZHk9IldlbGNvbWUgdG8gUmV2aXZlIEFkc2VydmVyIg%3D%3D](https://en.fofa.info/result?qbase64=dGl0bGU9IkF1dGhlbnRpY2F0ZSBQbGVhc2UhIiB8fCBib2R5PSJwYXNzd29yZDp0aGlzLnJlZnMucGFzc3dvcmQudmFsdWUiIHx8IGJvZHk9IlVJa2l0LmNvbXBvbmVudHMuZm9ybVBhc3N3b3JkLnByb3RvdHlwZS5kZWZhdWx0cy5sYmxTaG93IiB8fCBib2R5PSJBcHAucmVxdWVzdCgnL2F1dGgvY2hlY2snIg%3D%3D))|
| **FOFA Query** (click to view the results directly)| [title="Authenticate Please!" \|\| body="password:this.refs.password.value" \|\| body="UIkit.components.formPassword.prototype.defaults.lblShow" \|\| body="App.request('/auth/check'"](https://en.fofa.info/result?qbase64=dGl0bGU9IkF1dGhlbnRpY2F0ZSBQbGVhc2UhIiB8fCBib2R5PSJwYXNzd29yZDp0aGlzLnJlZnMucGFzc3dvcmQudmFsdWUiIHx8IGJvZHk9IlVJa2l0LmNvbXBvbmVudHMuZm9ybVBhc3N3b3JkLnByb3RvdHlwZS5kZWZhdWx0cy5sYmxTaG93IiB8fCBib2R5PSJBcHAucmVxdWVzdCgnL2F1dGgvY2hlY2snIg%3D%3D)|
| **Number of assets affected** | 3185 |
| **Description** | Cockpit is a self-hosted, flexible and user-friendly headless content platform for creating custom digital experiences.Cockpit has a file upload vulnerability, which allows attackers to upload arbitrary files, leading to server control, etc. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |