
156 matches found

Github Security Blog
added 2024/11/21 11:19 p.m.

SFTPGo allows administrators to restrict command execution from the EventManager

Impact: One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a...

CVSS 5.1 | AI score 6.7 | EPSS 0.00598
Exploits 0 | References 6 | Affected Software 2
OSV
added 2024/11/21 11:19 p.m.

GHSA-49CC-XRJF-9QF7 SFTPGo allows administrators to restrict command execution from the EventManager

Impact: One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a...

CVSS 5.1 | AI score 6.5 | EPSS 0.00598
Exploits 0 | References 6
OSV
added 2024/11/21 7:52 p.m.

GO-2024-3283 SFTPGo allows administrators to restrict command execution from the EventManager in github.com/drakkan/sftpgo

SFTPGo allows administrators to restrict command execution from the EventManager in github.com/drakkan/sftpgo...

CVSS 5.1 | AI score 6.3 | EPSS 0.00598
Exploits 0 | References 4
NVD
added 2024/11/21 6:15 p.m.

CVE-2024-52309

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

CVSS 5.1 | EPSS 0.00598
Exploits 0 | References 3
Vulnrichment
added 2024/11/21 5:11 p.m.

CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

CVSS 5.1 | AI score 7.2 | EPSS 0.00598
Exploits 0 | References 3
OSV
added 2024/11/21 5:11 p.m.

CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

CVSS 5.1 | AI score 6.7 | EPSS 0.00598
Exploits 0 | References 5
CVE
added 2024/11/21 5:11 p.m.

CVE-2024-52309

SFTPGo CVE-2024-52309 involves the EventManager allowing administrators to execute scripts or commands, which can grant access to the underlying OS/container with the same permissions as the SFTPGo process. The root cause is that command execution could be performed by any admin with script-permi...

CVSS 5.1 | AI score 6.8 | EPSS 0.00598
Exploits 0 | References 3
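The root cause the CVE entry above gives for CVE-2024-52309 is that any administrator with EventManager permissions could have the server launch an arbitrary script or program, which then runs with the privileges of the SFTPGo process. The mitigation the advisories describe is to let the operator restrict which commands the EventManager may execute. The following Go program is an added example written for this page to show that restriction as an allowlist check placed in front of exec; it is not SFTPGo's own code, and the type names, the config layout and the sample allowlist path are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"path/filepath"
	"strings"
)

// CommandPolicy models a server-side restriction on which executables an
// event action may launch. Illustrative type for this page, not SFTPGo's
// configuration format. An empty allowlist denies every command, which is
// the safe default; the vulnerable behaviour is equivalent to accepting any path.
type CommandPolicy struct {
	// AllowedCommands holds absolute paths of executables an administrator
	// is permitted to wire into an event action.
	AllowedCommands []string
}

var (
	ErrEmptyCommand = errors.New("command path is empty")
	ErrNotAbsolute  = errors.New("command path must be absolute")
	ErrNotAllowed   = errors.New("command is not in the allowlist")
)

// Check returns the canonical command path if the policy permits it, or a
// typed error. Only the executable is policed; arguments are passed through.
func (p CommandPolicy) Check(cmdPath string) (string, error) {
	if strings.TrimSpace(cmdPath) == "" {
		return "", ErrEmptyCommand
	}
	// filepath.Clean collapses "." and ".." so "/usr/local/bin/../../../bin/sh"
	// cannot slip past a string comparison against the allowlist.
	clean := filepath.Clean(cmdPath)
	if !filepath.IsAbs(clean) {
		return "", ErrNotAbsolute
	}
	for _, allowed := range p.AllowedCommands {
		if filepath.Clean(allowed) == clean {
			return clean, nil
		}
	}
	return "", ErrNotAllowed
}

// BuildEventCommand is what an event action would call instead of exec.Command
// directly: anything outside the policy is refused before a process exists.
func BuildEventCommand(p CommandPolicy, cmdPath string, args ...string) (*exec.Cmd, error) {
	clean, err := p.Check(cmdPath)
	if err != nil {
		return nil, fmt.Errorf("event manager: refusing %q: %w", cmdPath, err)
	}
	return exec.Command(clean, args...), nil
}

func main() {
	// Sample policy constructed for this example: a single notification script.
	policy := CommandPolicy{AllowedCommands: []string{"/usr/local/bin/notify-upload.sh"}}

	for _, attempt := range []string{
		"/usr/local/bin/notify-upload.sh",   // allowlisted
		"/usr/local/bin/../../../bin/sh",    // cleans to /bin/sh, denied
		"notify-upload.sh",                  // relative, denied
		"/bin/sh",                           // absolute but not allowlisted, denied
	} {
		if _, err := BuildEventCommand(policy, attempt, "-c", "id"); err != nil {
			fmt.Println("denied:", err)
		} else {
			fmt.Println("allowed:", attempt)
		}
	}
}
```

The comparison is on the cleaned path string only. A production version should also resolve symlinks (filepath.EvalSymlinks) and confirm the ownership and permissions of the allowlisted file, otherwise an administrator who can write to the allowlisted location, or replace it with a link, still gets execution as the service account.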
Cvelist
added 2024/11/21 5:11 p.m.

CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

CVSS 5.1 | EPSS 0.00598
Exploits 0 | References 3
CNNVD
added 2024/11/21 12:00 a.m.

SFTPGo input validation error vulnerability

SFTPGo is a full-featured and highly configurable SFTP server from the individual developer Nicola Murino in Italy. An input validation error vulnerability exists in SFTPGo versions 2.4.0 through 2.6.3, which stems from the ability of an administrator to access the underlying operating...

CVSS 5.1 | AI score 6.4 | EPSS 0.00598
Exploits 0 | References 1
OSV
added 2024/08/21 4:03 p.m.

GO-2022-1015 SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo

SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo...

CVSS 6.1 | AI score 6 | EPSS 0.00521
Exploits 0 | References 3
OSV
added 2024/08/21 4:03 p.m.

GO-2022-0964 SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo

SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo...

CVSS 8.3 | AI score 8 | EPSS 0.00422
Exploits 1 | References 3
Veracode
added 2024/07/23 6:55 a.m.

Insecure Direct Object Reference (IDOR)

github.com/drakkan/sftpgo is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the lack of proper security measures such as JWT ID (jti) claims, nonces, and proper expiration and invalidation mechanisms. The vulnerability allows an attacker with a valid intercepted...

AI score 6.7
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2024/07/22 9:31 a.m.

Withdrawn: SFTPGo's JWT implementation lacks certain security measures

Withdrawn: The attack vector described in the backing report required that an attacker gain access to a user's session cookie. By gaining access to the session cookie the attacker is for all intents and purposes the valid user and any access to user data would be expected. In SFTPGo 2.6.2, the JW...

AI score 5.3
Exploits 0 | References 4 | Affected Software 1
OSV
added 2024/07/22 9:31 a.m.

GHSA-X72P-G37Q-4XR9 Withdrawn: SFTPGo's JWT implementation lacks certain security measures

Withdrawn: The attack vector described in the backing report required that an attacker gain access to a user's session cookie. By gaining access to the session cookie the attacker is for all intents and purposes the valid user and any access to user data would be expected. In SFTPGo 2.6.2, the JW...

CVSS 7.1 | AI score 6.4
Exploits 0 | References 4
NVD
added 2024/07/22 7:15 a.m.

CVE-2024-40430

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Exploits 0
OSV
added 2024/07/22 7:15 a.m.

CVE-2024-40430

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 5.2
Exploits 0
Vulnrichment
added 2024/07/22 12:00 a.m.

CVE-2024-40430

...

AI score 5.2
Exploits 0
CVE
added 2024/07/22 12:00 a.m.

CVE-2024-40430

CVE-2024-40430 is rejected and not an active vulnerability entry.

AI score 5.2
Exploits 0
Cvelist
added 2024/07/22 12:00 a.m.

CVE-2024-40430

...

Exploits 0
Tenable Nessus
added 2024/07/03 12:00 a.m.

CBL Mariner 2.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)

The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...

CVSS 5.9 | AI score 7.1 | EPSS 0.9378
Exploits 4 | References 2