3 matches found
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module It's not every week we add an awesome new exploit module to the Framework while adding the original discoverer of the vulnerability to the Rapid7 team as well. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works...
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
MongoDB Ops Manager Diagnostics Archive does not redact SAML SSL Pem Key File Password field mms.saml.ssl.PEMKeyFilePassword within app settings. Archives do not include the PEM files themselves. This module extracts that unredacted password and stores the diagnostic archive for additional manual...
CVE-2023-0342 MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12...