
6 matches found

Veracode
added 2026/05/14 6:34 p.m. · 11 views

Authentication Bypass

s3-proxy is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent URL path interpretation between the authentication middleware and bucket handler, which allows an attacker to bypass access controls and perform unauthorized operations on protected S3 objects...

CVSS 9.4 · AI score 5.8 · EPSS 0.00554
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/08/25 9:32 a.m. · 5 views

Remote Code Execution (RCE)

github.com/tnborg/panel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper path handling in the CleanPath middleware from the go-chi/chi package, which fails to process r.URL.Path, followed by flaws in backend login path exposure, which allows an attacker to bypass...

CVSS 7.7 · AI score 7.6 · EPSS 0.00596
Exploits 0 · References 7 · Affected Software 1
Debian CVE
added 2025/03/20 10:10 a.m. · 5 views

CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

CVSS 5.3 · AI score 5.9 · EPSS 0.00281
Exploits 1
Gitee
added 2023/02/16 12:17 a.m. · 7 views

Exploit for CVE-2020-13933

CVE-2020-13933 lab environment. Shiro permission configuration: when a /res/ resource is requested, a 302 redirects to the login page for authentication - NameController.java: · /res/name: requests the resource named name (triggers authentication) · /res/: requests no resource (does not trigger authentication). Lab verification: when no resource name is specified in the request route, authentication is not triggered and no resource is returned: http://127.0.0.1:8080/res/ When a resource name is specified in the request route, a 302 redirects to the authentication page: http://127.0.0.1:8080/res/poc Constructing a specific PoC...

CVSS 7.5 · AI score 9.4 · EPSS 0.48019
Exploits 3
OSV
added 2022/05/24 5:12 p.m. · 1 views

GHSA-C735-G9F2-2MVP Cross-Site Request Forgery in Jenkins

An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. Implementations of that extension point received a different representation of the URL path than the Stapler web framework uses to dispatch requests in Jenkins 2.227 and earlie...

CVSS 8.8 · AI score 7.2 · EPSS 0.01993
Exploits 0 · References 6
RedHat Linux
added 2020/06/17 8:23 p.m. · 1 views

jenkins: CSRF protection bypass via crafted URLs

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL...

CVSS 8.8 · AI score 7.4 · EPSS 0.01993
Exploits 0 · References 5