Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for June 27-28, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between June 27 and 28, 2024.
During this period, the National Vulnerability Database published 122 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 10
High: 29
Medium: 36
Low: 6
Severity Not Assigned: 41

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-4901
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/461773
https://hackerone.com/reports/2500163

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-5655
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/465862
https://hackerone.com/reports/2536320

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-6323
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker to leak content of a private repository in a public project.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/457912

CWE-ID: CWE-653
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-6054
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/auto-featured-image/tags/1.2/auto-featured-image.php#L167
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d1512c2-75c1-405b-8bb4-f42ec69159a7?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-22232
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: A specially crafted URL can be created which leads to a directory traversal in the salt file server.
A malicious user can read an arbitrary file from a Salt master’s filesystem.
References: https://saltproject.io/security-announcements/2024-01-31-advisory/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-0947
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb: before v17.0.68.
References: https://www.usom.gov.tr/bildirim/tr-24-0808

CWE-ID: CWE-565
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-0949
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software. This issue affects Elektraweb: before v17.0.68.
References: https://www.usom.gov.tr/bildirim/tr-24-0808

CWE-ID: CWE-1390 CWE-284 CWE-306 CWE-732 CWE-862 CWE-863 CWE-923
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-1107
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.
References: https://www.usom.gov.tr/bildirim/tr-24-0809

CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-6371
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument rmtype_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269804.
References: https://github.com/L1OudFd8cl09/CVE/blob/main/25_06_2024_b.md
https://vuldb.com/?ctiid.269804
https://vuldb.com/?id.269804
https://vuldb.com/?submit.364101

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-6373
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269806 is the identifier assigned to this vulnerability.
References: https://github.com/Abyssun/abyssun-/issues/1
https://vuldb.com/?ctiid.269806
https://vuldb.com/?id.269806
https://vuldb.com/?submit.364646

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-31916
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-Force ID: 290026.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/290026
https://www.ibm.com/support/pages/node/7158679

CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-35260
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Microsoft Dataverse Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35260

CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-5334
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: External Control of File Name or Path in GitHub repository stitionai/devika prior to -.
References: https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2
https://huntr.com/bounties/7eec128b-1bf5-4922-a95c-551ad3695cf6

CWE-ID: CWE-73
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-5547
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Relative Path Traversal in GitHub repository stitionai/devika prior to -.
References: https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2
https://huntr.com/bounties/7ea0eb5f-7643-4452-bc93-a225e2090283

CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-5548
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Path Traversal in GitHub repository stitionai/devika prior to -.
References: https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2
https://huntr.com/bounties/ad7dd135-8839-4042-87c0-105af61d262c

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

16. CVE-2023-30997
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/254638
https://www.ibm.com/support/pages/node/7158790

CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found

17. CVE-2023-30998
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/254649
https://www.ibm.com/support/pages/node/7158790

CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found

18. CVE-2023-38370
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/261197
https://www.ibm.com/support/pages/node/7158790

CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-3043
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification.
References: https://community.silabs.com/069Vm000005UCH0IAO
https://github.com/SiliconLabs/gecko_sdk

CWE-ID: CWE-829
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-3330
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code. This requires human interaction from a person other than the attacker., In the case of the Web player (Business Author): Successful execution of this vulnerability via the Web Player, will result in the attacker being able to run arbitrary code as the account running the Web player process, In the case of Automation Services: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code via Automation Services. This issue affects Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0 through 14.0.2; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0 through 14.0.3, from 14.2.0 through 14.3.0; Spotfire for AWS Marketplace: from 14.0 before 14.3.0.
References: https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-june-262024-spotfire-cve-2024-3330-r3435/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

21. CVE-2024-4578
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.
References: https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

22. CVE-2024-5714
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with escalated privileges, and change members from other organizations to their own or other projects, also with escalated privileges. This vulnerability is due to the backend's failure to validate project identifiers against the current user's organization ID and projects belonging to it, as well as a misconfiguration in attribute naming (`org_id` should be `orgId`) that prevents proper user organization validation. As a result, attackers can cause inconsistencies on the platform for affected users and organizations, including unauthorized privilege escalation. The issue is present in the backend API endpoints for user invitation and modification, specifically in the handling of project IDs in requests.
References: https://huntr.com/bounties/8cff4afa-131b-4a7e-9f0d-8a3c69f3d024

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

23. CVE-2024-5751
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model.
References: https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

24. CVE-2024-5820
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Missing Authorization in stitionai/devika
References: https://huntr.com/bounties/2ba757bf-8ede-445b-b143-2de7769758a6

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

25. CVE-2024-5822
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potentially bypassing security controls and accessing sensitive data.
References: https://huntr.com/bounties/b24f1b5f-a529-435b-ac4d-5ca71d5d1fb5

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found

26. CVE-2024-5824
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`.
References: https://github.com/parisneo/lollms/commit/eda3af5f5c4ea9b2f3569f72f8d05989e29367fc
https://huntr.com/bounties/9ceb7cf9-a7cd-4699-b3f8-d0999d2b49fd

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

27. CVE-2024-5826
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base/base.py`. This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of the server.
References: https://huntr.com/bounties/90620087-44ac-4e43-b659-3c5d30889369

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

28. CVE-2024-5885
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.
References: https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found

29. CVE-2024-5979
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service.
References: https://huntr.com/bounties/d80a2139-fc03-44b7-b739-de41e323b458

CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found

30. CVE-2024-5980
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.
References: https://huntr.com/bounties/55a6ac6f-89c7-42ea-86f3-c6e93a2679f3

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

31. CVE-2024-6038
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability.
References: https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d

CWE-ID: CWE-625
Common Platform Enumerations (CPE): Not Found

32. CVE-2024-6085
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.
References: https://huntr.com/bounties/d2fb73d7-4b4f-451a-8763-484c189a27fe

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

33. CVE-2024-6090
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate.
References: https://huntr.com/bounties/bd0f8f89-5c8a-4662-89aa-a6861d84cf4c

CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found

34. CVE-2024-6139
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint.
References: https://huntr.com/bounties/fd00f112-efd0-40a1-8227-d6733716e4c0

CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found

35. CVE-2024-6250
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can be exploited to read any file and list arbitrary directories on the affected system.
References: https://huntr.com/bounties/11a8bf9d-16f3-49b3-b5fc-ad36d8993c73

CWE-ID: CWE-36
Common Platform Enumerations (CPE): Not Found

36. CVE-2024-38523
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weaken its one-time nature. Specifically, the lack of 2FA for changing security settings allows an attacker with CSRF or XSS primitives to change such settings without user interaction and credentials are required. This vulnerability has been patched in version 0.10.
References: https://github.com/scidsg/hushline/pull/376
https://github.com/scidsg/hushline/security/advisories/GHSA-4c38-hhxx-9mhx

CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found

37. CVE-2024-6127
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.
References: https://aceresponder.com/blog/exploiting-empire-c2-framework
https://github.com/ACE-Responder/Empire-C2-RCE-PoC
https://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102
https://vulncheck.com/advisories/empire-unauth-rce

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

38. CVE-2024-2973
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.
Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.
No other Juniper Networks products or platforms are affected by this issue.
This issue affects:
Session Smart Router:
* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.
Session Smart Conductor:
* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.
WAN Assurance Router:
* 6.0 versions before 6.1.9-lts,
* 6.2 versions before 6.2.5-sts.
References: https://support.juniper.net/support/eol/software/ssr/
https://supportportal.juniper.net/JSA83126

CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found

39. CVE-2024-6071
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-177-02
https://www.ptc.com/en/support/article/CS417607

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
