{"vulnerability": "CVE-2023-3900", "sightings": [{"uuid": "7402d1dc-0a56-4063-a430-0c967f97fcf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39004", "type": "seen", "source": "https://t.me/cibsecurity/68124", "content": "\u203c CVE-2023-39004 \u203c\n\nInsecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:30.000000Z"}, {"uuid": "ad6bab47-cd7f-41d7-8a2a-8d7af134d707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39001", "type": "seen", "source": "https://t.me/cibsecurity/68109", "content": "\u203c CVE-2023-39001 \u203c\n\nA command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:06.000000Z"}, {"uuid": "b472334b-14b9-478a-856e-459bc760ca96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39007", "type": "seen", "source": "https://t.me/cibsecurity/68127", "content": "\u203c CVE-2023-39007 \u203c\n\n/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:32.000000Z"}, {"uuid": "1b5f5fa4-2940-4b24-9a91-7fa6fd11d87f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39002", "type": "seen", "source": "https://t.me/cibsecurity/68117", "content": "\u203c CVE-2023-39002 \u203c\n\nA cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:17.000000Z"}, {"uuid": "021cbd04-0682-4182-aaae-a941bc7a6861", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39008", "type": "seen", "source": "https://t.me/cibsecurity/68115", "content": "\u203c CVE-2023-39008 \u203c\n\nA command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-01T01:39:36.000000Z"}, {"uuid": "255b9ace-21e9-4e2c-b84c-ed6efda54ba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39000", "type": "seen", "source": "https://t.me/cibsecurity/68113", "content": "\u203c CVE-2023-39000 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:10.000000Z"}, {"uuid": "0f1ec928-46ed-46fd-90f7-53258bf269e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3900", "type": "seen", "source": "https://t.me/cibsecurity/67547", "content": "\u203c CVE-2023-3900 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T16:53:01.000000Z"}]}