admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 18:27:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2024-03-21 18:54:25 +08:00 committed by GitHub
parent 50dcca43f5
commit ef05e25e1f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
GobyVuls-Document.md
View File

@ -1,7 +1,22 @@
# Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: March 15, 2024**
**Updated document date: March 21, 2024**
## JetBrains TeamCity permission bypass vulnerability (CVE-2024-27198 & CVE-2024-27199)
| **Vulnerability** | JetBrains TeamCity permission bypass vulnerability (CVE-2024-27198 & CVE-2024-27199) |
| :----: | :-----|
| **Chinese name** | JetBrains TeamCity 权限绕过漏洞CVE-2024-27198 & CVE-2024-27199 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="JET_BRAINS-TeamCity"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJUZWFtY2l0eSIgfHwgYmFubmVyPSJUZWFtY2l0eSIgfHwgdGl0bGU9IlRlYW1DaXR5IiB8fCBib2R5PSJjb250ZW50PVwiVGVhbUNpdHkgKExvZyBpbiB0byBUZWFtQ2l0eSI%3D)|
| **Number of assets affected** | 141734 |
| **Description** | JetBrains TeamCity is a continuous integration and continuous delivery (CI/CD) server developed by JetBrains. It provides a powerful platform for automating the building, testing and deployment of software projects. TeamCity aims to simplify team collaboration and software delivery processes, improve development team efficiency and product quality.JetBrains TeamCity has an authentication bypass vulnerability before version 2023.11.4. An attacker can use this vulnerability to bypass the authentication mechanism and directly perform administrator operations. Combined with the background function, the attacker can use this vulnerability to execute arbitrary system commands on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
| **Impact** | JetBrains TeamCity has an authentication bypass vulnerability before version 2023.11.4. An attacker can use this vulnerability to bypass the authentication mechanism and directly perform administrator operations. Combined with the background function, the attacker can use this vulnerability to execute arbitrary system commands on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2024/03/21/247110c62504abd3.gif).
## Apache Kafka Connect remote code execution vulnerability (CVE-2023-25194)