{"vulnerability": "CVE-2024-3987", "sightings": [{"uuid": "84dad3bd-fc09-4c41-8378-d56b406c6f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "published-proof-of-concept", "source": "https://t.me/purple_medved/278", "content": "Apache Airflow SSTI to RCE (CVE-2024-39877)\n\n\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c CVE-2024-39877 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=8.8), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c RCE \u0447\u0435\u0440\u0435\u0437 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e SSTI \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Scheduler Apache Airflow\n\nApache Airflow - \u044d\u0442\u043e \u041f\u041e \u043d\u0430 python \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u043f\u043e \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0435 \u0432 2014 \u0433\u043e\u0434\u0443 \u0432 Airbnb, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u043e \u0448\u0438\u0440\u043e\u043a\u043e\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u0445 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.\n\n\u0421\u0443\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0438 \u0441\u0430\u043d\u0438\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 doc_md, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 DAG (Directed Acyclic Graph) \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 Apache Airflow. \u0415\u0441\u043b\u0438 doc_md \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f .md  Airflow \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0442\u0435\u043c\u043f\u043b\u0435\u0439\u0442 \u0438\u0437 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e jinja2.Template(doc_md) \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a SSTI:\n\ndoc_md=\"\"\"\n    {{ ''.__class__.__mro__[1].__subclasses__() }}\n    \"\"\"\n\n\u042d\u0442\u043e\u0442 \u043f\u0435\u0439\u043b\u043e\u0430\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u0432\u0441\u0435\u0445 \u043a\u043b\u0430\u0441\u0441\u043e\u0432 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e MRO (resolution order), \u0434\u0430\u043b\u0435\u0435 \u0434\u043e\u043a\u0440\u0443\u0447\u0438\u0432\u0430\u0435\u043c \u0434\u043e command injection \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043e\u043f\u0430\u0441\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 (popen, run, call, check_call \u0438 \u043f\u0440)\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0438\u043c\u0435\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 DAG'\u043e\u0432 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 Apache Airflow, \u0447\u0442\u043e \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0431\u0430\u0433\u0443 \u0434\u043b\u044f \u043f\u0440\u043e\u0431\u0438\u0432\u0430, \u043d\u043e \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u0430 \u043d\u0435\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0433\u043e \u0437\u0430\u043a\u0440\u0435\u043f\u043b\u0435\u043d\u0438\u044f \u0432\u043f\u043e\u043b\u043d\u0435 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043c\u0435\u0442\u043e\u0434\ud83d\ude0e\n\n\ud83e\udeb2 \u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e: Apache Airflow 2.4.0 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.9.3\n\u2705 \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.9.3", "creation_timestamp": "2024-08-07T07:54:12.000000Z"}, {"uuid": "a2ee5028-f88c-4ba1-9a01-fe4c53794c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39874", "type": "seen", "source": "https://t.me/cvedetector/330", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39874 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39874 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:22.000000Z"}, {"uuid": "8ee469f0-5885-4385-8b77-8959a6225171", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39872", "type": "seen", "source": "https://t.me/cvedetector/332", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39872 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39872 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 9.6 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:24.000000Z"}, {"uuid": "d9b283bc-5d9e-4431-90ae-860d7461fa07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39873", "type": "seen", "source": "https://t.me/cvedetector/331", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39873 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39873 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:23.000000Z"}, {"uuid": "23961907-64a3-41d3-acf7-472ed73e79f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39871", "type": "seen", "source": "https://t.me/cvedetector/333", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39871 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39871 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:25.000000Z"}, {"uuid": "602e147b-186b-4827-aa51-8d854c8abd2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39875", "type": "seen", "source": "https://t.me/cvedetector/329", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39875 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39875 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:18.000000Z"}, {"uuid": "80417e43-11bb-48e6-9af5-e6b2e14e5906", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39876", "type": "seen", "source": "https://t.me/cvedetector/328", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39876 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39876 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:18.000000Z"}, {"uuid": "5514b0bf-920b-48ef-a2ae-22e9f94d3e2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "seen", "source": "https://t.me/HackingInsights/6471", "content": "\u200aCVE-2024-39877: Apache Airflow Security Update Addresses Code Execution Vulnerability\n\nhttps://securityonline.info/cve-2024-39877-apache-airflow-security-update-addresses-code-execution-vulnerability/", "creation_timestamp": "2024-07-18T10:13:02.000000Z"}, {"uuid": "ea872d17-0f80-4837-9c96-247fc63bd270", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39870", "type": "seen", "source": "https://t.me/cvedetector/334", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39870 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39870 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:26.000000Z"}, {"uuid": "0e6ad222-cbb0-4f0f-95ce-83d10c721b78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "seen", "source": "https://t.me/cvedetector/1066", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39877 - Apache Airflow File Writer Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39877 \nPublished : July 17, 2024, 8:15 a.m. | 21\u00a0minutes ago \nDescription : Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T10:41:47.000000Z"}, {"uuid": "310fcddc-c694-4fa6-8d50-eb5b17e2895a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/123", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-07T05:34:10.000000Z"}, {"uuid": "a407a6f9-2639-429b-b026-5f9550e2998f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/706", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-07T05:34:27.000000Z"}, {"uuid": "d9e5c897-9667-4d70-afa2-fb9f563baa3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "seen", "source": "https://t.me/thebugbountyhunter/8998", "content": "CVE-2024-39877: Apache Airflow Arbitrary Code Execution\n\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow/", "creation_timestamp": "2024-08-05T23:57:12.000000Z"}, {"uuid": "4d6d4b2c-95ee-415e-b3a4-197de78e7a27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "published-proof-of-concept", "source": "Telegram/DOvVBYl81gcQnEx0SnDYShnK_l00AQ-j6ykpGr0q_-DsSYc", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"}, {"uuid": "dff8df9c-a186-4415-83a0-5d16a937e03a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "seen", "source": "https://t.me/true_secator/6054", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0438 \u043d\u043e\u0432\u0435\u0439\u0448\u0438\u043c\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u043c\u0438 \u043f\u043e \u0418\u0411-\u0443\u0433\u0440\u043e\u0437\u0430\u043c.\n\n11-\u043b\u0435\u0442\u043d\u044f\u044f \u043e\u0448\u0438\u0431\u043a\u0430 CVE-2024-5535, , \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0443\u0442\u0435\u0447\u043a\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043d\u0430\u043a\u043e\u043d\u0435\u0446-\u0442\u043e, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 OpenSSL.\n\nCrowdfense \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u0430\u043d\u0430\u043b\u0438\u0437 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 LPE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2024-21338, \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 Windows AppLocker, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\nSecureLayer7 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043e\u0442\u0447\u0435\u0442 \u043f\u043e CVE-2024-39877, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Apache Airflow RCE, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a FlowFixation.\n\nCertiK \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043c\u043e\u0449\u043d\u044b\u0439 \u0431\u0430\u0440\u044b\u0448 \u043e\u0442 Coinbase \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a.\n\n\u0421\u0443\u043c\u043c\u0430 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u043d\u043e\u0441\u0442\u0438 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 $500 \u0442\u044b\u0441., \u043d\u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u043f\u043e\u043a\u0430 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0442\u0441\u044f.\n\n\u0413\u0440\u0443\u043f\u043f\u0430 \u0443\u0447\u0435\u043d\u044b\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0434\u0432\u0435\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 Voice over Wi-Fi (VoWiFi), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0441 2016 \u0433\u043e\u0434\u0430 \u0438 \u0442\u0435\u043f\u0435\u0440\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0447\u0442\u0438 \u0432\u0441\u0435\u043c\u0438 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c\u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u043c\u0438 \u0441\u0435\u0442\u044f\u043c\u0438 \u0438 \u043d\u0430 \u0432\u0441\u0435\u0445 \u043d\u043e\u0432\u044b\u0445 \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u0430\u0445.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e 13 \u0438\u0437 275 \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0438\u043c\u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u0442\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043a\u043b\u044e\u0447\u0438 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u043e\u0432 WLAN, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u0435\u0433\u043a\u043e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u044b 5G \u0441 \u0447\u0438\u043f\u0430\u043c\u0438 MediaTek \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0431\u043e\u043b\u0435\u0435 \u0441\u043b\u0430\u0431\u044b\u0435 \u0444\u043e\u0440\u043c\u044b \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u043e\u0432 WLAN, \u0447\u0442\u043e \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430.\n\n\u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 140 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0436\u0435 \u0432\u043d\u0435\u0434\u0440\u044f\u044e\u0442\u0441\u044f.\n\nWhite Knight Labs \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 LayeredSyscall\u00a0- \u043d\u043e\u0432\u043e\u0439 \u0442\u0435\u0445\u043d\u0438\u043a\u0435, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0432\u0435\u043a\u0442\u043e\u0440\u043d\u044b\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 (VEH) \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 EDR.\n\n\u0418, \u043a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u043d\u0430 \u0434\u0435\u0441\u0435\u0440\u0442, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 [PDF] \u043e\u0442 \u0431\u0435\u043b\u044c\u0433\u0438\u0439\u0441\u043a\u0438\u0445 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u043f\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0437\u043d\u0430\u043a\u043e\u043c\u0441\u0442\u0432.\n\n\u041a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u043e\u0441\u044c, \u0448\u0435\u0441\u0442\u044c \u0438\u0437 15 \u0442\u0430\u043a\u0438\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Badoo, Bumble, Grindr, happn, Hinge \u0438 Hily, \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0441\u043b\u0438\u0432\u0430\u044e\u0442 \u0442\u043e\u0447\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e \u043c\u0435\u0441\u0442\u043e\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u044f\u0432\u043b\u044f\u044f\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u0442\u0440\u0438\u0430\u043d\u0433\u0443\u043b\u044f\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0434\u0430\u043d\u043d\u044b\u0445 \u043e \u043c\u0435\u0441\u0442\u043e\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0438, 15 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043b\u0438\u0447\u043d\u043e\u0439 \u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438  \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.", "creation_timestamp": "2024-08-02T17:50:05.000000Z"}, {"uuid": "4c469f76-2001-4900-9cae-0d2fba0b42d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39877", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/10944", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html", "creation_timestamp": "2024-10-24T19:21:02.000000Z"}]}