Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrLujiefsi756328AD-A6FB-4C50-885A-C65189B5690A
HistoryApr 17, 2023 - 8:43 a.m.

attack can change the immutable name and type of nodes

2023-04-1708:43:32
lujiefsi
www.huntr.dev
9
node modification
user authentication
hijacking

EPSS

0.002

Percentile

61.1%

JSON

1 admin create a node

2 add user1 as one owner

3 login as user1

4 user1 edit the the node

5 user1 finds that the name and type can not be changed.

6 user1 still edit the node and using the burpsuit to hijack the request

7 the request content can be like

{“name”:“te1”,“type”:“CLICKHOUSE”,“inCharges”:“user1,admin”,“description”:“123”,“username”:“admin”,“token”:null,“url”:“127.0.0.1:8080”,“id”:1,“version”:5}

8 change the name as te2(we can also change type)

9 result shows that the the name was successfully changed as te2

Related

osv 2
cvelist 1
github 1
prion 1
cve 1
cnvd 1
nvd 1
osv
osv
CVE-2023-31206
2023-05-22 14:15:09
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
2023-07-06 21:14:59
cvelist
cvelist
CVE-2023-31206 Apache InLong: Attackers can change the immutable name and type of nodes
2023-05-22 13:58:19
github
github
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
2023-07-06 21:14:59
prion
prion
Design/Logic Flaw
2023-05-22 14:15:00
cve
cve
CVE-2023-31206
2023-05-22 14:15:09
cnvd
cnvd
Apache InLong Security Bypass Vulnerability (CNVD-2023-42958)
2023-05-28 00:00:00
nvd
nvd
CVE-2023-31206
2023-05-22 14:15:09

EPSS

0.002

Percentile

61.1%

JSON
Related for 756328AD-A6FB-4C50-885A-C65189B5690A
osv2cvelist1github1prion1cve1cnvd1nvd1