Lucene search
K

8 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/08/16 6:33 p.m.48 views

Metasploit Weekly Wrap-Up 08/16/2024

New module content 3 Apache HugeGraph Gremlin RCE Authors: 6right and jheysel-r7 Type: Exploit Pull request: 19348 contributed by jheysel-r7 Path: linux/http/apachehugegraphgremlinrce AttackerKB reference: CVE-2024-27348 Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335...

9.8CVSS9AI score0.9921EPSS
Exploits20
Packet Storm
Packet Storm
added 2024/08/15 12:0 a.m.275 views

OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMetadata authentication bypass and SpEL injection exploit chain', 'Description' = %q OpenMetadata is a unified platform for discovery,...

9.8CVSS7AI score0.73255EPSS
Exploits5
0day.today
0day.today
added 2024/08/15 12:0 a.m.372 views

OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection Exploit

This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS9.7AI score0.73255EPSS
Exploits5
Metasploit
Metasploit
added 2024/08/14 6:52 p.m.221 views

OpenMetadata authentication bypass and SpEL injection exploit chain

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. This module chains two vulnerabilities that exist in the OpenMetadata aplication. The first vulnerability, CVE-2024-28255,...

9.8CVSS9.7AI score0.73255EPSS
Exploits5
Circl
Circl
added 2024/03/15 9:22 p.m.24 views

CVE-2024-28254

creationtimestamp| type| source ---|---|--- 2024-03-15 21:22:16+00:00| seen| https://t.me/ctinow/209160 2024-03-15 21:26:26+00:00| seen| https://t.me/ctinow/209173 2024-04-18 12:37:11+00:00| exploited| https://t.me/itsecnews/4333 2024-04-18 15:16:29+00:00| seen| https://t.me/ctinow/215638...

8.8CVSS7.5AI score0.45725EPSS
Exploits3References6
Cvelist
Cvelist
added 2024/03/15 7:55 p.m.39 views

CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

8.8CVSS9.6AI score0.45725EPSS
Exploits3References5
OSV
OSV
added 2024/03/15 7:55 p.m.11 views

CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

8.8CVSS9.6AI score0.45725EPSS
Exploits3References7
CVE
CVE
added 2024/03/15 7:55 p.m.235 views

CVE-2024-28254

OpenMetadata CVE-2024-28254 is a SpEL injection at GET /api/v1/events/subscriptions/validation/condition/, allowed by AlertUtil::validateExpression, which can reach java.lang.Runtime via StandardEvaluationContext to perform arbitrary commands (RCE). Authentication bypass concerns exist via CVE-20...

8.8CVSS9.7AI score0.45725EPSS
In wildExploits3References5Affected Software1
Rows per page
Query Builder