Vulnerabilites related to yogeshojha - rengine
cve-2022-28995
Vulnerability from cvelistv5
Published
2022-05-20 18:31
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zongdeiqianxing/rengine/issues/1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:58.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zongdeiqianxing/rengine/issues/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T18:31:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zongdeiqianxing/rengine/issues/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zongdeiqianxing/rengine/issues/1",
"refsource": "MISC",
"url": "https://github.com/zongdeiqianxing/rengine/issues/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28995",
"datePublished": "2022-05-20T18:31:32",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-08-03T06:10:58.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38606
Vulnerability from cvelistv5
Published
2021-08-12 15:57
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
reNgine through 0.5 relies on a predictable directory name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "reNgine through 0.5 relies on a predictable directory name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-12T15:57:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "reNgine through 0.5 relies on a predictable directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c",
"refsource": "MISC",
"url": "https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38606",
"datePublished": "2021-08-12T15:57:18",
"dateReserved": "2021-08-12T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-24967
Vulnerability from cvelistv5
Published
2025-02-04 19:28
Modified
2025-02-04 19:54
Severity ?
EPSS score ?
Summary
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This vulnerability allows unauthorized script execution whenever the admin views or interacts with the affected user entry, posing a significant risk to sensitive admin functionalities. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/yogeshojha/rengine/security/advisories/GHSA-23wx-5q5w-334w | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yogeshojha | rengine |
Version: <= 2.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24967",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:54:22.170283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:54:30.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-23wx-5q5w-334w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rengine",
"vendor": "yogeshojha",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel\u0027s user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This vulnerability allows unauthorized script execution whenever the admin views or interacts with the affected user entry, posing a significant risk to sensitive admin functionalities. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:28:16.069Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-23wx-5q5w-334w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-23wx-5q5w-334w"
}
],
"source": {
"advisory": "GHSA-23wx-5q5w-334w",
"discovery": "UNKNOWN"
},
"title": "Stored XSS on Admin Panel When Deleting a User in reNgine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24967",
"datePublished": "2025-02-04T19:28:16.069Z",
"dateReserved": "2025-01-29T15:18:03.209Z",
"dateUpdated": "2025-02-04T19:54:30.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50094
Vulnerability from cvelistv5
Published
2024-01-01 00:00
Modified
2024-08-14 16:16
Severity ?
EPSS score ?
Summary
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yogeshojha/rengine/blob/5e120bd5f9dfbd1da82a193e8c9702e483d38d22/web/api/views.py#L195"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yogeshojha/rengine/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yogeshojha/rengine/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mattz.io/posts/cve-2023-50094/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:16:58.502042",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/yogeshojha/rengine/blob/5e120bd5f9dfbd1da82a193e8c9702e483d38d22/web/api/views.py#L195"
},
{
"url": "https://github.com/yogeshojha/rengine/security"
},
{
"url": "https://github.com/yogeshojha/rengine/releases"
},
{
"url": "https://www.mattz.io/posts/cve-2023-50094/"
},
{
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4"
},
{
"url": "https://github.com/yogeshojha/rengine/commit/3d5f1724dd12cf9861443742e7d7c02ff8c75a6f"
},
{
"url": "https://github.com/yogeshojha/rengine/commit/edd3c85ee16f93804ad38dac5602549d2d30a93e"
},
{
"url": "https://github.com/yogeshojha/rengine/blob/53d9f505f04861a5040195ea71f20907ff90577a/web/api/views.py#L268-L275"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50094",
"datePublished": "2024-01-01T00:00:00",
"dateReserved": "2023-12-04T00:00:00",
"dateUpdated": "2024-08-14T16:16:58.502042",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-24962
Vulnerability from cvelistv5
Published
2025-02-03 20:58
Modified
2025-02-12 20:51
Severity ?
EPSS score ?
Summary
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/yogeshojha/rengine/security/advisories/GHSA-cg75-ph7x-5rr9 | x_refsource_CONFIRM | |
| https://github.com/yogeshojha/rengine/commit/c28e5c8d304478a787811580b4d80b330920ace4 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yogeshojha | rengine |
Version: <= 2.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24962",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T21:13:39.129230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:26.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rengine",
"vendor": "yogeshojha",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T20:58:06.512Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-cg75-ph7x-5rr9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-cg75-ph7x-5rr9"
},
{
"name": "https://github.com/yogeshojha/rengine/commit/c28e5c8d304478a787811580b4d80b330920ace4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yogeshojha/rengine/commit/c28e5c8d304478a787811580b4d80b330920ace4"
}
],
"source": {
"advisory": "GHSA-cg75-ph7x-5rr9",
"discovery": "UNKNOWN"
},
"title": "Command Injection in reNgine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24962",
"datePublished": "2025-02-03T20:58:06.512Z",
"dateReserved": "2025-01-29T15:18:03.209Z",
"dateUpdated": "2025-02-12T20:51:26.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-24899
Vulnerability from cvelistv5
Published
2025-02-03 21:01
Modified
2025-02-12 20:51
Severity ?
EPSS score ?
Summary
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38 | x_refsource_CONFIRM | |
| https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yogeshojha | rengine |
Version: < 2.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24899",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T21:12:32.233234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:25.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rengine",
"vendor": "yogeshojha",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T21:01:31.624Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38"
},
{
"name": "https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99"
}
],
"source": {
"advisory": "GHSA-r3fp-xr9f-wv38",
"discovery": "UNKNOWN"
},
"title": "Disclosure of Sensitive User Information via API in reNgine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24899",
"datePublished": "2025-02-03T21:01:31.624Z",
"dateReserved": "2025-01-27T15:32:29.452Z",
"dateUpdated": "2025-02-12T20:51:25.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-24968
Vulnerability from cvelistv5
Published
2025-02-04 19:28
Modified
2025-02-04 19:52
Severity ?
EPSS score ?
Summary
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/yogeshojha/rengine/security/advisories/GHSA-3327-6x79-q396 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yogeshojha | rengine |
Version: <= 2.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24968",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:52:21.337798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:52:37.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-3327-6x79-q396"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rengine",
"vendor": "yogeshojha",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:28:53.156Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-3327-6x79-q396",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-3327-6x79-q396"
}
],
"source": {
"advisory": "GHSA-3327-6x79-q396",
"discovery": "UNKNOWN"
},
"title": "Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24968",
"datePublished": "2025-02-04T19:28:53.156Z",
"dateReserved": "2025-01-29T15:18:03.209Z",
"dateUpdated": "2025-02-04T19:52:37.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36566
Vulnerability from cvelistv5
Published
2022-08-31 17:12
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zongdeiqianxing/rengine/issues/2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zongdeiqianxing/rengine/issues/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T17:12:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zongdeiqianxing/rengine/issues/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zongdeiqianxing/rengine/issues/2",
"refsource": "MISC",
"url": "https://github.com/zongdeiqianxing/rengine/issues/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36566",
"datePublished": "2022-08-31T17:12:13",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-43381
Vulnerability from cvelistv5
Published
2024-08-16 14:38
Modified
2024-08-16 15:01
Severity ?
EPSS score ?
Summary
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7 | x_refsource_CONFIRM | |
| https://github.com/yogeshojha/rengine/commit/064bac1c7c4d2b90745bf225c92e74d83edb7a4d | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yogeshojha | rengine |
Version: <= 2.1.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rengine_project:rengine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rengine",
"vendor": "rengine_project",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43381",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:00:18.420487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:01:31.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rengine",
"vendor": "yogeshojha",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain\u0027s DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine\u0027s dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-87",
"description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T14:38:23.799Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7"
},
{
"name": "https://github.com/yogeshojha/rengine/commit/064bac1c7c4d2b90745bf225c92e74d83edb7a4d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yogeshojha/rengine/commit/064bac1c7c4d2b90745bf225c92e74d83edb7a4d"
}
],
"source": {
"advisory": "GHSA-96q4-fj2m-jqf7",
"discovery": "UNKNOWN"
},
"title": "reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43381",
"datePublished": "2024-08-16T14:38:23.799Z",
"dateReserved": "2024-08-09T14:23:55.514Z",
"dateUpdated": "2024-08-16T15:01:31.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41661
Vulnerability from cvelistv5
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-50094. Reason: This candidate is a duplicate of CVE-2023-50094. Notes: All CVE users should reference CVE-2023-50094 instead of this candidate.
Replaced by CVE-2023-50094
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-08-29T22:20:26.289Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"rejectedReasons": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-50094. Reason: This candidate is a duplicate of CVE-2023-50094. Notes: All CVE users should reference CVE-2023-50094 instead of this candidate."
}
],
"replacedBy": [
"CVE-2023-50094"
]
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41661",
"datePublished": "2024-07-23T17:22:01.009Z",
"dateRejected": "2024-08-29T22:20:26.289Z",
"dateReserved": "2024-07-18T15:21:47.483Z",
"dateUpdated": "2024-08-29T22:20:26.289Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-24966
Vulnerability from cvelistv5
Published
2025-02-04 19:26
Modified
2025-02-04 19:55
Severity ?
EPSS score ?
Summary
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the application, where the Target Organization and Target Description fields accept HTML payloads. The injected HTML is rendered and executed in the target area, potentially leading to malicious actions. Exploitation of HTML Injection can compromise the application's integrity and user trust. Attackers can execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. The organization's reputation, customer trust, and regulatory compliance could be negatively affected. This issue affects all versions up to and including 2.2.0. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/yogeshojha/rengine/security/advisories/GHSA-4phc-m2wm-p8x6 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yogeshojha | rengine |
Version: <= 2.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24966",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:55:27.834204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:55:31.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-4phc-m2wm-p8x6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rengine",
"vendor": "yogeshojha",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the \"Add Target\" functionality of the application, where the Target Organization and Target Description fields accept HTML payloads. The injected HTML is rendered and executed in the target area, potentially leading to malicious actions. Exploitation of HTML Injection can compromise the application\u0027s integrity and user trust. Attackers can execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. The organization\u0027s reputation, customer trust, and regulatory compliance could be negatively affected. This issue affects all versions up to and including 2.2.0. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:27:39.035Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-4phc-m2wm-p8x6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-4phc-m2wm-p8x6"
}
],
"source": {
"advisory": "GHSA-4phc-m2wm-p8x6",
"discovery": "UNKNOWN"
},
"title": "HTML Injection in reNgine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24966",
"datePublished": "2025-02-04T19:26:54.322Z",
"dateReserved": "2025-01-29T15:18:03.209Z",
"dateUpdated": "2025-02-04T19:55:31.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-08-16 15:15
Modified
2024-09-11 13:02
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yogeshojha | rengine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yogeshojha:rengine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A408C2DE-5F8C-47A3-BBBE-4F46EEF02963",
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain\u0027s DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine\u0027s dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3."
},
{
"lang": "es",
"value": "reNgine es un framework de reconocimiento automatizado para aplicaciones web. Las versiones 2.1.2 y anteriores son susceptibles a ataques de Cross-Site Scripting (XSS) Almacenado. Esta vulnerabilidad ocurre al escanear un dominio, y si el registro DNS del dominio de destino contiene un payload XSS, conduce a la ejecuci\u00f3n de scripts maliciosos en la vista del panel de reNgine cuando cualquier usuario ve los resultados del escaneo. El payload XSS se obtiene directamente del registro DNS del dominio de destino remoto. En consecuencia, un atacante puede ejecutar el ataque sin requerir ninguna entrada adicional por parte del objetivo o del usuario de reNgine. Hay un parche disponible y se espera que forme parte de la versi\u00f3n 2.1.3."
}
],
"id": "CVE-2024-43381",
"lastModified": "2024-09-11T13:02:26.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-16T15:15:29.000",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/yogeshojha/rengine/commit/064bac1c7c4d2b90745bf225c92e74d83edb7a4d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-87"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-31 18:15
Modified
2024-11-21 07:13
Severity ?
Summary
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/zongdeiqianxing/rengine/issues/2 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zongdeiqianxing/rengine/issues/2 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yogeshojha | rengine | 1.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yogeshojha:rengine:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7EC7544-DE01-459C-AAEE-BA6815D98AFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function."
},
{
"lang": "es",
"value": "Se ha detectado que Rengine versi\u00f3n v1.3.0, contiene una vulnerabilidad de inyecci\u00f3n de comandos por medio de la funci\u00f3n scan engine"
}
],
"id": "CVE-2022-36566",
"lastModified": "2024-11-21T07:13:19.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-31T18:15:08.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/zongdeiqianxing/rengine/issues/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/zongdeiqianxing/rengine/issues/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-01 18:15
Modified
2024-11-21 08:36
Severity ?
Summary
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yogeshojha | rengine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yogeshojha:rengine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "157845CF-1B64-4A38-988A-4FA073AD48E2",
"versionEndIncluding": "2.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output."
},
{
"lang": "es",
"value": "reNgine hasta 2.0.2 permite la inyecci\u00f3n de comandos del sistema operativo si un adversario tiene una ID de sesi\u00f3n v\u00e1lida. El ataque coloca metacaracteres del shell en una cadena api/tools/waf_detector/?url=. Los comandos se ejecutan como root a trav\u00e9s de subprocess.check_output."
}
],
"id": "CVE-2023-50094",
"lastModified": "2024-11-21T08:36:31.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-01T18:15:09.130",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/yogeshojha/rengine/blob/53d9f505f04861a5040195ea71f20907ff90577a/web/api/views.py#L268-L275"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/yogeshojha/rengine/blob/5e120bd5f9dfbd1da82a193e8c9702e483d38d22/web/api/views.py#L195"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/yogeshojha/rengine/commit/3d5f1724dd12cf9861443742e7d7c02ff8c75a6f"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/yogeshojha/rengine/commit/edd3c85ee16f93804ad38dac5602549d2d30a93e"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/yogeshojha/rengine/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/yogeshojha/rengine/security"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.mattz.io/posts/cve-2023-50094/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/yogeshojha/rengine/blob/5e120bd5f9dfbd1da82a193e8c9702e483d38d22/web/api/views.py#L195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/yogeshojha/rengine/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/yogeshojha/rengine/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.mattz.io/posts/cve-2023-50094/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-20 19:15
Modified
2024-11-21 06:58
Severity ?
Summary
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/zongdeiqianxing/rengine/issues/1 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zongdeiqianxing/rengine/issues/1 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yogeshojha | rengine | 1.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yogeshojha:rengine:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4DBB0A-5133-439C-9DDA-AC51EE0CC501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function."
},
{
"lang": "es",
"value": "Se ha detectado que Rengine versi\u00f3n v1.0.2, contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota (RCE) por medio de la funci\u00f3n yaml configuration"
}
],
"id": "CVE-2022-28995",
"lastModified": "2024-11-21T06:58:18.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T19:15:08.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/zongdeiqianxing/rengine/issues/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/zongdeiqianxing/rengine/issues/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-12 16:15
Modified
2024-11-21 06:17
Severity ?
Summary
reNgine through 0.5 relies on a predictable directory name.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yogeshojha | rengine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yogeshojha:rengine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC07F4CC-92BB-4A9F-A6A0-25FB5122E4C9",
"versionEndIncluding": "0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "reNgine through 0.5 relies on a predictable directory name."
},
{
"lang": "es",
"value": "reNgine versiones hasta 0.5, se basa en un nombre de directorio predecible"
}
],
"id": "CVE-2021-38606",
"lastModified": "2024-11-21T06:17:40.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-12T16:15:10.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}