Overview Recently, NSFOCUS CERT detected that Atlassian issued a security announcement and fixed the directory traversal vulnerability in Confluence Data Center and Server (CVE-2024-21677), with a CVSS score of 8.3. Unauthenticated attackers need to interact with users, and exploiting this vulnerability can have a great impact on the confidentiality, integrity,...
Categoria: Emergency Response
Runc Container Escape Vulnerability Alert
Overview Recently, NSFOCUS CERT detected that the runc officially issued a security notice and fixed a container escaping vulnerability (CVE-2024-21626). Since the internal file descriptor of runc is leaked during initialization and the final working directory is not verified to be located in the mount namespace of the container, attackers...
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) Notice
Overview Recently, NSFOCUS CERT detected that Jenkins issued a security announcement and fixed an arbitrary file reading vulnerability in the Jenkins CLI (CVE-2024-23897). Since one function of its CLI command parser is enabled by default in Jenkins, the specific parser function expandAtFiles can replace the character following the file path...
GitLab Arbitrary File Write Vulnerability (CVE-2024-0402) Alert
Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed an arbitrary file write vulnerability (CVE-2024-0402) in GitLab Community Edition (CE) and Enterprise Edition (EE). Due to path traversal issues, authenticated attackers can copy files to any location on the GitLab server when creating workspaces. The...
Confluence Remote Code Execution Vulnerability (CVE-2023-22527) Alert
Overview On January 16, NSFOCUS CERT detected that Atlassian officially released a security announcement fixing the remote code execution vulnerability (CVE-2023-22522) in Confluence Data Center and Confluence Server. This vulnerability is caused by template injection. Unauthenticated attackers can inject malicious requests into Confluence pages to implement remote code execution on...
GitLab Arbitrary User Password Reset Vulnerability
Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including two serious vulnerabilities. Affected users should take protective measures as soon as possible. CVE-2023-7028: In GitLab CE/EE, users can reset their passwords through...
