{"vulnerability": "CVE-2023-4061", "sightings": [{"uuid": "b22a4222-c16f-4cbf-86d2-834f802c3a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40611", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19436", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-40611\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows\u00a0authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.\n\ud83d\udccf Published: 2023-09-12T11:05:22.841Z\n\ud83d\udccf Modified: 2025-06-25T13:39:24.245Z\n\ud83d\udd17 References:\n1. https://github.com/apache/airflow/pull/33413\n2. https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0\n3. 
http://www.openwall.com/lists/oss-security/2023/11/12/1", "creation_timestamp": "2025-06-25T13:50:46.000000Z"}, {"uuid": "030cdcfa-2c06-42bc-a1c5-41a3daa5b681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40610", "type": "seen", "source": "https://t.me/ctinow/155512", "content": "https://ift.tt/38c1UwW\nCVE-2023-40610 | Apache Superset up to 2.1.2 CTE authorization", "creation_timestamp": "2023-12-17T06:36:33.000000Z"}, {"uuid": "e18f2de0-dde6-440b-92bc-8a5d9a193809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40611", "type": "seen", "source": "https://t.me/arpsyndicate/831", "content": "#ExploitObserverAlert\n\nCVE-2023-47037\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47037. We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0  Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. 
This could have them alter details such as configuration parameters, start date, etc.\u00a0  Users should upgrade to version 2.7.3 or later which has removed the vulnerability.\n\nFIRST-EPSS: 0.000710000\nNVD-IS: 1.4\nNVD-ES: 2.8", "creation_timestamp": "2023-12-01T06:46:53.000000Z"}, {"uuid": "ebbcbaf4-fa87-4b57-af5f-433bed207b24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40618", "type": "seen", "source": "https://t.me/cibsecurity/70833", "content": "\u203c CVE-2023-40618 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T22:29:41.000000Z"}, {"uuid": "6fc57429-40c8-44bb-a4a0-fa72f986e078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40619", "type": "seen", "source": "https://t.me/cibsecurity/70838", "content": "\u203c CVE-2023-40619 \u203c\n\nphpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. 
An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T22:29:46.000000Z"}, {"uuid": "64269c85-cf25-4099-8f91-8644797c8abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40611", "type": "seen", "source": "https://t.me/cibsecurity/70280", "content": "\u203c CVE-2023-40611 \u203c\n\nApache Airflow, versions before 2.7.1, is affected by a vulnerability that allows\u00a0authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-12T16:22:54.000000Z"}, {"uuid": "3522d429-8b66-4b26-8a4b-7158804b51e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40612", "type": "seen", "source": "https://t.me/cibsecurity/69079", "content": "\u203c CVE-2023-40612 \u203c\n\nIn OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-23T22:12:41.000000Z"}]}