Skip to content

Instantly share code, notes, and snippets.

@menghaining

menghaining/CVE-2024-29402

Created April 10, 2024 14:49
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save menghaining/8d424faebfe869c80eadaea12bbdd158 to your computer and use it in GitHub Desktop.
Save menghaining/8d424faebfe869c80eadaea12bbdd158 to your computer and use it in GitHub Desktop.
Download ZIP
Notify CVE about a publication
Raw
CVE-2024-29402
CVE-2024-29402
> [Suggested description]
> cskefu v7 suffers from Insufficient Session Expiration, which allows
> attackers to exploit the old session for malicious activity.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> cskefu
>
> ------------------------------------------
>
> [Affected Product Code Base]
> https://github.com/cskefu/cskefu - v7
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> 1. user1 login;
> 2. admin delete user1;
> 3. user1 can still do something like deleting contacts.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/cskefu/cskefu/issues/781
> https://github.com/cskefu/cskefu/pull/803
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
Raw
CVE-2024-31759
CVE-2024-31759
> [Suggested description]
> An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to
> escalate privileges via the change password function.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> sanluan
>
> ------------------------------------------
>
> [Affected Product Code Base]
> https://github.com/sanluan/PublicCMS https://hub.docker.com/layers/sanluan/publiccms/latest/images/sha256-9677a5a75f98d9c1802bb9d889bf160b587b528c5d071e88015f651cdaf523f8?context=explore - latest (published at May 30, 2023 at 2:26 pm)
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> 1. admin login
> 2. user1 login
> 3. admin changes the password of user1
> 4. user1 can still operate like changing his information
>
> ------------------------------------------
>
> [Reference]
> https://github.com/menghaining/PoC/blob/main/PublicCMS/publishCMS--PoC.md
> https://1drv.ms/v/s!AmTWEcd1YDpUjgoJ8lkA8pN8zYEJ?e=gIlbGf
Raw
CVE-2024-31760
CVE-2024-31760
> [Suggested description]
> An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an
> attacker to escalate privileges via the Session Expiration component.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> flipped-aurora
>
> ------------------------------------------
>
> [Affected Product Code Base]
> https://github.com/flipped-aurora/gin-vue-admin - 2.4.x
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> user login.
> admin login.
> admin delete/disable user.
> user can still operate.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/menghaining/PoC/blob/main/gin-vue-admin/gin-vue-admin--PoC.md
> https://github.com/flipped-aurora/gin-vue-admin/issues/1324
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment