Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed an arbitrary file write vulnerability (CVE-2024-0402) in GitLab Community Edition (CE) and Enterprise Edition (EE). Due to path traversal issues, authenticated attackers can copy files to any location on the GitLab server when creating workspaces. The...
Category: Emergency Response
Confluence Remote Code Execution Vulnerability (CVE-2023-22527) Alert
Overview On January 16, NSFOCUS CERT detected that Atlassian officially released a security announcement fixing the remote code execution vulnerability (CVE-2023-22522) in Confluence Data Center and Confluence Server. This vulnerability is caused by template injection. Unauthenticated attackers can inject malicious requests into Confluence pages to implement remote code execution on...
GitLab Arbitrary User Password Reset Vulnerability
Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including two serious vulnerabilities. Affected users should take protective measures as soon as possible. CVE-2023-7028: In GitLab CE/EE, users can reset their passwords through...
OpenSSH Command Injection Vulnerability (CVE-2023-51385) Alert
Overview Recently, NSFOCUS CERT detected that OpenSSH released a security update and fixed a command injection vulnerability caused by malicious shell characters (CVE-2023-51385), with a CVSS score of 9.8; Since there is no security filtering of username and hostname input represented by %h,%u in OpenSSH's ProxyCommand command, command injection may...
Apache OFBiz Arbitrary File Reading and Remote Code Execution Vulnerabilities (CVE-2023-50968/CVE-2023-51467) Alert
Overview Recently, NSFOCUS CERT detected that Apache officially released a security announcement and fixed two high-risk vulnerabilities in Apache Ofbiz. CVE-2023-50968: Due to problems in Apache Software Foundation, unauthorized attackers can read files and carry out SSRF attacks when operating uri calls; CVE-2023-51467: Due to a privilege verification logic error...
Apache ActiveMQ Jolokia Remote Code Execution Vulnerability (CVE-2022-41678) Notification
Overview Recently, NSFOCUS CERT found a remote code execution vulnerability in Apache ActiveMQ Jolokia (CVE-2022-41678). In the configuration of ActiveMQ, jetty allows org.holokia.http.AgentServlet to process requests for/api/Jolokia. An authenticated attacker can send a specially crafted HTTP request to write a malicious file through the Jolokia service, thus implementing remote code...
