CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24495
https://notcve.org/view.php?id=CVE-2023-24495
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. Existe una vulnerabilidad Server Side Request Forgery (SSRF) en Tenable.sc debido a una validación incorrecta de la sesión y del proceso. datos de entrada accesibles para el usuario. Un atacante remoto autenticado y privilegiado podría interactuar con servicios internos y externos de forma encubierta. • https://www.tenable.com/security/tns-2023-03 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0476
https://notcve.org/view.php?id=CVE-2023-0476
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection. Existe una vulnerabilidad de inyección LDAP en Tenable.sc debido a una validación incorrecta de la entrada proporcionada por el usuario antes de devolverla a los usuarios. Un atacante autenticado podría generar datos en Active Directory utilizando la cuenta de la aplicación mediante una inyección blind de LDAP. • https://www.tenable.com/security/tns-2023-03 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24493
https://notcve.org/view.php?id=CVE-2023-24493
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host. Existe una vulnerabilidad de inyección de fórmula en Tenable.sc debido a una validación incorrecta de la entrada proporcionada por el usuario antes de devolverla a los usuarios. Un atacante autenticado podría aprovechar el sistema de informes para exportar informes que contengan fórmulas, que luego requerirían que la víctima los aprobara y ejecutara en un host. • https://www.tenable.com/security/tns-2023-03 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24494
https://notcve.org/view.php?id=CVE-2023-24494
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en Tenable.sc debido a una validación incorrecta de la entrada proporcionada por el usuario antes de devolverla a los usuarios. Un atacante remoto autenticado puede aprovechar esto convenciendo a un usuario de que haga clic en una URL especialmente manipulada para ejecutar código de script arbitrario en la sesión del navegador de un usuario. • https://www.tenable.com/security/tns-2023-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-24828 – Missing input validation can lead to command execution in composer
https://notcve.org/view.php?id=CVE-2022-24828
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. • https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709 https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/625MT3IKWKFVIWLSYZFSXHVUA2LES7YQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWT6LDSRY7SFMTDZWJ4MS2ZBXHL7VQEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QD7JQWL6C4GVROO25DTXWYWM6BPOPPCG https://www.tenable.com& • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •