{"vulnerability": "CVE-2023-3142", "sightings": [{"uuid": "a2da7c45-8edf-4853-be43-f8a7595ce63a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3142", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/245", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-3142\n\ud83d\udd39 Description: Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.\n\ud83d\udccf Published: 2023-06-07T00:00:00\n\ud83d\udccf Modified: 2025-01-06T21:10:08.975Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/d00686b0-f89a-4e14-98d7-b8dd3f92a6e5\n2. https://github.com/microweber/microweber/commit/42efa981a2239d042d910069952d6276497bdcf1", "creation_timestamp": "2025-01-06T21:37:12.000000Z"}, {"uuid": "ee724870-85e7-491d-ba3e-d44a950f7e8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31425", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lyebnq7euba2", "content": "", "creation_timestamp": "2025-09-08T22:43:14.800029Z"}, {"uuid": "b99d0c0d-b24d-4806-b15c-c3e9a6e1da37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31424", "type": "seen", "source": "https://t.me/cibsecurity/69510", "content": "\u203c CVE-2023-31424 \u203c\n\nBrocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T07:12:53.000000Z"}, {"uuid": "3bd4f299-342a-415f-afef-ad1d4978e781", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31423", "type": "seen", "source": "https://t.me/ctinow/197030", "content": "https://ift.tt/h3fusSE\nCVE-2023-31423 Brocade SANnav Information Disclosure Vulnerability", "creation_timestamp": "2024-02-29T21:31:37.000000Z"}, {"uuid": "2fc4efb4-afa9-436f-ba18-288f66559165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31421", "type": "seen", "source": "https://t.me/cibsecurity/72930", "content": "\u203c CVE-2023-31421 \u203c\n\nIt was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-26T07:44:26.000000Z"}, {"uuid": "adb07fe9-aa97-442d-82cd-82612891a12d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31424", "type": "seen", "source": "https://t.me/ctinow/197029", "content": "https://ift.tt/J26nqDV\nCVE-2023-31424 Brocade SANnav Authentication Bypass Vulnerability", "creation_timestamp": "2024-02-29T21:31:36.000000Z"}, {"uuid": "d708e11d-6183-473b-a55a-24028efba2f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31422", "type": "seen", "source": "https://t.me/cibsecurity/72937", "content": "\u203c 
CVE-2023-31422 \u203c\n\nAn issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-26T07:44:33.000000Z"}, {"uuid": "3953ec32-241f-4ffe-a217-5bf670f3ce91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31423", "type": "seen", "source": "https://t.me/cibsecurity/69509", "content": "\u203c CVE-2023-31423 \u203c\n\nPossible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. 
Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav \"supportsave\" outputs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T07:12:52.000000Z"}, {"uuid": "abaa3799-0680-4575-b819-7c9212805a38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31425", "type": "seen", "source": "https://t.me/cibsecurity/67545", "content": "\u203c CVE-2023-31425 \u203c\n\nA vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, \u201croot\u201d account access is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T00:38:40.000000Z"}, {"uuid": "6207d530-3d06-47e7-92a7-6550cb0d2760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31429", "type": "seen", "source": "https://t.me/cibsecurity/67544", "content": "\u203c CVE-2023-31429 \u203c\n\nBrocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as \u201cchassisdistribute\u201d, \u201creboot\u201d, \u201crasman\u201d, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T00:38:39.000000Z"}, {"uuid": "cec2960c-7964-4305-a29a-14173661c9fb", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31428", "type": "seen", "source": "https://t.me/cibsecurity/67550", "content": "\u203c CVE-2023-31428 \u203c\n\nBrocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T07:38:59.000000Z"}]}