{"vulnerability": "CVE-2024-2743", "sightings": [{"uuid": "b7eba6a1-3a84-48c6-b391-183694e683b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27431", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2841", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-27431\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ncpumap: Zero-initialise xdp_rxq_info struct before running XDP program\n\nWhen running an XDP program that is attached to a cpumap entry, we don't\ninitialise the xdp_rxq_info data structure being used in the xdp_buff\nthat backs the XDP program invocation. Tobias noticed that this leads to\nrandom values being returned as the xdp_md->rx_queue_index value for XDP\nprograms running in a cpumap.\n\nThis means we're basically returning the contents of the uninitialised\nmemory, which is bad. Fix this by zero-initialising the rxq data\nstructure before running the XDP program.\n\ud83d\udccf Published: 2024-05-17T12:02:10.274Z\n\ud83d\udccf Modified: 2025-01-23T21:49:35.963Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297\n2. https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b\n3. https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95\n4. https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a\n5. https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6\n6. 
https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5", "creation_timestamp": "2025-01-23T22:03:39.000000Z"}, {"uuid": "0037288b-3819-4c78-a065-454560baef02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-27435", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "164fff8b-2f3b-4612-9e69-0bf10227252c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2743", "type": "seen", "source": "https://t.me/cvedetector/5502", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-2743 - GitLab-EE Information Disclosure and Permission Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-2743 \nPublished : Sept. 12, 2024, 5:15 p.m. | 32\u00a0minutes ago \nDescription : An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-12T19:48:05.000000Z"}, {"uuid": "b1c1ae11-9968-4e8e-8277-0f2dc7c6099c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27439", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4314", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-27439\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket.\nThis issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series.\nApache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected.\n\nUsers are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.\n\ud83d\udccf Published: 2024-03-19T12:30:40Z\n\ud83d\udccf Modified: 2025-02-13T19:05:24Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-27439\n2. https://github.com/apache/wicket\n3. https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo\n4. 
http://www.openwall.com/lists/oss-security/2024/03/19/2", "creation_timestamp": "2025-02-13T19:16:42.000000Z"}, {"uuid": "b21a666f-b290-4331-b69a-a1a69b6768bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27439", "type": "seen", "source": "https://t.me/ctinow/211402", "content": "https://ift.tt/ZjBo69t\nCVE-2024-27439", "creation_timestamp": "2024-03-19T12:31:22.000000Z"}, {"uuid": "8f813612-eed6-4fa9-9971-e11bc7cdba53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27439", "type": "seen", "source": "https://t.me/ctinow/211819", "content": "https://ift.tt/JAunbtO\nCVE-2024-27439", "creation_timestamp": "2024-03-19T18:31:46.000000Z"}, {"uuid": "02aeee38-3141-4634-b4fe-9ac95c571a3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27439", "type": "seen", "source": "https://t.me/ctinow/211399", "content": "https://ift.tt/ZjBo69t\nCVE-2024-27439", "creation_timestamp": "2024-03-19T12:26:52.000000Z"}]}