{"vulnerability": "CVE-2023-4431", "sightings": [{"uuid": "6630cfc7-bbd0-43d5-a576-734339f89da9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44313", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4339", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-44313\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (included). Users are recommended to upgrade to version 2.2.0, which fixes the issue.\n\ud83d\udccf Published: 2024-01-31T09:30:18Z\n\ud83d\udccf Modified: 2025-02-13T19:32:39Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-44313\n2. https://github.com/apache/servicecomb-service-center\n3. https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r\n4. http://www.openwall.com/lists/oss-security/2024/01/31/4", "creation_timestamp": "2025-02-13T20:14:38.000000Z"}, {"uuid": "2c59d7bc-704a-44ae-b331-0387a052dbcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44312", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4340", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-44312\n\ud83d\udd25 CVSS Score: 6.0 (CVSS_V3)\n\ud83d\udd39 Description: Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (included). 
Users are recommended to upgrade to version 2.2.0, which fixes the issue.\n\ud83d\udccf Published: 2024-01-31T09:30:18Z\n\ud83d\udccf Modified: 2025-02-13T19:32:35Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-44312\n2. https://github.com/apache/servicecomb-service-center\n3. https://lists.apache.org/thread/dkvlgnrmc17qzjdy9k0cr60wpzcssk1s\n4. http://www.openwall.com/lists/oss-security/2024/01/31/5", "creation_timestamp": "2025-02-13T20:14:58.000000Z"}, {"uuid": "66450ac4-e0c3-4cab-8c75-08850c60ae0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44313", "type": "seen", "source": "Telegram/5viUor3PDSvPiqgNCr88mEj2y9oAxMu41yUy-oSPp0S00Q", "content": "", "creation_timestamp": "2024-02-04T02:49:41.000000Z"}, {"uuid": "a35bc20a-b446-44ef-a92f-8f3e1bc0f123", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44311", "type": "seen", "source": "https://t.me/cibsecurity/72412", "content": "\u203c CVE-2023-44311 \u203c\n\nMultiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. 
This issue is caused by an incomplete fix in CVE-2023-33941.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T14:32:53.000000Z"}, {"uuid": "39707efa-9337-46af-a534-eea0dce0f2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44310", "type": "seen", "source": "https://t.me/cibsecurity/72411", "content": "\u203c CVE-2023-44310 \u203c\n\nStored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's \"Name\" text field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T14:32:52.000000Z"}, {"uuid": "d5ba8e8a-a300-4ddb-8ffc-399f0285a89c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44313", "type": "seen", "source": "https://t.me/ctinow/190733", "content": "https://ift.tt/5jW8KLO\nCVE-2023-44313 | Apache ServiceComb Service-Center up to 2.1.0 server-side request forgery", "creation_timestamp": "2024-02-22T14:12:22.000000Z"}, {"uuid": "06c2dd7c-9890-4517-9f47-fbcacfba55bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44312", "type": "seen", "source": "https://t.me/ctinow/190732", "content": "https://ift.tt/0PFrjiC\nCVE-2023-44312 | Apache ServiceComb Service-Center up to 2.1.0 information disclosure", "creation_timestamp": "2024-02-22T14:12:21.000000Z"}, {"uuid": "97eeb086-e90e-463d-a879-558782fe1321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2023-44313", "type": "seen", "source": "https://t.me/ctinow/176627", "content": "https://ift.tt/fMB2zcr\nCVE-2023-44313", "creation_timestamp": "2024-01-31T10:21:40.000000Z"}, {"uuid": "fd01f8e1-8c34-48ec-b74f-b406b77538c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44312", "type": "seen", "source": "https://t.me/ctinow/176626", "content": "https://ift.tt/Q6HEaFK\nCVE-2023-44312", "creation_timestamp": "2024-01-31T10:21:39.000000Z"}, {"uuid": "2b138ed5-0058-4cb2-b72e-89995a3cdc9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44313", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9943", "content": "#exploit\n1. Docker Remote API Scanner and Exploit\nhttps://github.com/justakazh/DockerExploit\n\n2. PoC of BITB w/out the use of iframes\nhttps://github.com/waelmas/frameless-bitb\n\n3. CVE-2023-44313:\nApache ServiceComb <2.1 - SSRF\nhttps://xz.aliyun.com/t/13548", "creation_timestamp": "2024-02-10T15:53:58.000000Z"}]}