{"vulnerability": "CVE-2023-2580", "sightings": [{"uuid": "0474f9ca-131c-42b7-ad03-0ebaaa68b99d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25807", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6701", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25807\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.\n\n\ud83d\udccf Published: 2023-02-28T15:05:33.087Z\n\ud83d\udccf Modified: 2025-03-06T16:26:01.200Z\n\ud83d\udd17 References:\n1. https://github.com/dataease/dataease/security/advisories/GHSA-xj3h-3wmw-j5vf\n2. https://github.com/dataease/dataease/commit/cc94fb8e69ddbb37c96d02ec0f0ddcd74273ef49", "creation_timestamp": "2025-03-06T16:33:59.000000Z"}, {"uuid": "618b979e-c718-4f8d-8993-05197cf1b080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25806", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6617", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25806\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.\n\ud83d\udccf Published: 2023-03-02T03:04:26.889Z\n\ud83d\udccf Modified: 2025-03-05T21:28:42.975Z\n\ud83d\udd17 References:\n1. https://github.com/opensearch-project/security/security/advisories/GHSA-c6wg-cm5x-rqvj", "creation_timestamp": "2025-03-05T21:34:51.000000Z"}, {"uuid": "8894a8d0-f17f-483e-b774-fac2f657eeb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25801", "type": "seen", "source": "https://t.me/cibsecurity/60722", "content": "\u203c CVE-2023-25801 \u203c\n\nTensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-25T06:37:54.000000Z"}, {"uuid": "44ec75e8-e645-472f-bda5-0a6a31ae268a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25804", "type": "seen", "source": "https://t.me/cibsecurity/60074", "content": "\u203c CVE-2023-25804 \u203c\n\nRoxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test111_dev`. This issue has been fixed in version 6.3.5.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T21:29:58.000000Z"}, {"uuid": "6417e2a6-98d2-4320-890c-4699875db469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25806", "type": "seen", "source": "https://t.me/cibsecurity/59312", "content": "\u203c CVE-2023-25806 \u203c\n\nOpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-02T07:34:14.000000Z"}, {"uuid": "39b081d5-c355-45d5-aba8-93eb6ca4e402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25807", "type": "seen", "source": "https://t.me/cibsecurity/59102", "content": "\u203c CVE-2023-25807 \u203c\n\nDataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T18:27:40.000000Z"}, {"uuid": "b423ed58-1d46-409f-9310-1f3c908cb100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25805", "type": "seen", "source": "https://t.me/cibsecurity/58528", "content": "\u203c CVE-2023-25805 \u203c\n\nversionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-20T18:16:00.000000Z"}]}