{"vulnerability": "CVE-2023-2900", "sightings": [{"uuid": "eab709f7-3999-41fd-9e9b-007450162235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29001", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113556357978279669", "content": "", "creation_timestamp": "2024-11-27T18:35:13.557290Z"}, {"uuid": "68dcaba3-4b74-4a6c-9cc9-19fba803270d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29004", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6257", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-29004\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/options.py and the config_file_name parameter. Successful exploitation of this vulnerability could allow an attacker with user level privileges to obtain the content of arbitrary files on the file server within the scope of what the server process has access to. The root-cause of the vulnerability lies in the get_config function of the /app/modules/config/config.py file, which only checks for relative path traversal, but still allows to read files from absolute locations passed via the config_file_name parameter.\n\ud83d\udccf Published: 2023-04-17T18:34:07.972Z\n\ud83d\udccf Modified: 2025-03-03T19:19:37.825Z\n\ud83d\udd17 References:\n1. 
https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-7qqj-xhvr-46fv", "creation_timestamp": "2025-03-03T19:30:49.000000Z"}, {"uuid": "ae80ac02-7162-4f8c-881f-fb912ada118e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "280e94f1-5508-4b22-a256-03ab899555d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1468", "content": "CVE-2023-29007\nGit Arbitrary Configuration Injection\n*\nreadme\n*\nPOC exploit\n\n#git #exploit", "creation_timestamp": "2023-04-27T07:07:43.000000Z"}, {"uuid": "fc93361f-9be1-476a-b2e5-956227e348a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4251", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: PoC repository for CVE-2023-29007\nURL: https://github.com/ethiack/CVE-2023-29007\n\nTags: #CVE-2023", "creation_timestamp": "2023-04-26T14:35:07.000000Z"}, {"uuid": "d03909d1-9900-4e69-8ad0-ed3ce44e23c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/99", "content": "CVE-2023-29007", "creation_timestamp": "2023-04-27T07:07:37.000000Z"}, {"uuid": "1a783baa-0ab6-4484-aeb5-ac73a804d6e5", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/98", "content": "https://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007", "creation_timestamp": "2023-04-27T07:06:35.000000Z"}, {"uuid": "5512a7ea-387c-4a4d-a054-61d35a821893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "Telegram/r1PFadb90p6lTxGnl_f2N-hr-frtiZS7amPP7ck3RpMYFQ", "content": "", "creation_timestamp": "2023-04-27T09:53:54.000000Z"}, {"uuid": "66a37ae7-83cb-498e-9ddc-3421ceb74582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "Telegram/fV81_v8x36zAgCL91UuHBTq-t7A1rFWRsLJmOGWfzfBQXhM", "content": "", "creation_timestamp": "2023-05-23T08:55:19.000000Z"}, {"uuid": "e6376dba-ac2d-4928-a1fa-e8b0b44bcde3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "seen", "source": "https://t.me/cibsecurity/62860", "content": "\u203c CVE-2023-29007 \u203c\n\nGit is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. 
When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T00:25:22.000000Z"}, {"uuid": "8af5d0a7-b3ea-4ed0-bb4f-09a28e235637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3331", "content": "CVE-2023-29007 |\u00a0Git Arbitrary Configuration Injection\n\nDownload: https://system32.ink/news-feed/p/314/", "creation_timestamp": "2023-04-27T09:52:54.000000Z"}, {"uuid": "55470c93-dd68-4b01-b6e8-95aa25edc42e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29009", "type": "seen", "source": "https://t.me/cibsecurity/73096", "content": "\u203c CVE-2023-29009 \u203c\n\nbaserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. 
This issue has been patched in version 4.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-28T00:17:36.000000Z"}, {"uuid": "68605942-ac98-40d4-b5ce-e561ef84413d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29008", "type": "seen", "source": "https://t.me/cibsecurity/61571", "content": "\u203c CVE-2023-29008 \u203c\n\nThe SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased `Content-Type` header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users\u2019 accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn't set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. 
It is also recommended to explicitly set `SameSite` to a value other than `None` on authentication cookies especially if the upgrade cannot be done in a timely manner.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-06T20:27:10.000000Z"}, {"uuid": "266934af-e661-4e12-a4ed-7afd2d89ab71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29005", "type": "seen", "source": "https://t.me/cibsecurity/61801", "content": "\u203c CVE-2023-29005 \u203c\n\nFlask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T00:22:49.000000Z"}, {"uuid": "21d2048e-7d75-4d2a-8a2f-b6f38281bf13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29004", "type": "seen", "source": "https://t.me/cibsecurity/62298", "content": "\u203c CVE-2023-29004 \u203c\n\nhap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/options.py and the config_file_name parameter. Successful exploitation of this vulnerability could allow an attacker with user level privileges to obtain the content of arbitrary files on the file server within the scope of what the server process has access to. 
The root-cause of the vulnerability lies in the get_config function of the /app/modules/config/config.py file, which only checks for relative path traversal, but still allows to read files from absolute locations passed via the config_file_name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-17T22:28:27.000000Z"}, {"uuid": "d066e60e-6aa1-4a9f-80e8-dfc01ef9347a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29002", "type": "seen", "source": "https://t.me/cibsecurity/62428", "content": "\u203c CVE-2023-29002 \u203c\n\nCilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T02:43:51.000000Z"}, {"uuid": "36626a37-0f98-433d-815d-cb054669fca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29000", "type": "seen", "source": "https://t.me/cibsecurity/61398", "content": "\u203c CVE-2023-29000 \u203c\n\nThe Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. 
Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-04T17:59:28.000000Z"}, {"uuid": "cfcf585e-738a-4f89-8f74-9d443c5b2a3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8390", "content": "#exploit\n1. CVE-2023-29007:\nGit Arbitrary Configuration Injection\nhttps://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007\n\n2. CVE-2020-0796:\nWindows Protocol TestSuites is to trigger BSoD\nhttps://github.com/Ajomix/CVE-2020-0796", "creation_timestamp": "2024-03-19T03:31:34.000000Z"}]}