{"vulnerability": "cve-2024-4062", "sightings": [{"uuid": "08c67d56-3989-47a5-9c25-f653b7a6889b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40628", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8767", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-40628\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. The Celery container runs as root and has database access, allowing the attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been addressed in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There is no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2024-07-18T17:05:21.662Z\n\ud83d\udccf Modified: 2025-03-25T19:58:34.928Z\n\ud83d\udd17 References:\n1. https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9\n2. 
https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2", "creation_timestamp": "2025-03-25T20:24:37.000000Z"}, {"uuid": "d7f682f5-5316-42b2-be1c-0d118bc4ebdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40629", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lla4xdhvqp2g", "content": "", "creation_timestamp": "2025-03-25T20:40:20.556946Z"}, {"uuid": "15f64959-9308-40fe-b157-42be7fe919b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40628", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lla4xbxug42p", "content": "", "creation_timestamp": "2025-03-25T20:40:18.898099Z"}, {"uuid": "e8f10a46-ce2c-4e6d-b720-06139ab3648b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40629", "type": "seen", "source": "https://t.me/cvedetector/1166", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40629 - JumpServer Ansible Playbook Arbitrary File Write RCE\", \n  \"Content\": \"CVE ID : CVE-2024-40629 \nPublished : July 18, 2024, 5:15 p.m. | 41\u00a0minutes ago \nDescription : JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. 
This issue has been patched in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There are no known workarounds for this vulnerability. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-18T20:08:23.000000Z"}, {"uuid": "3440e89b-7c7b-49c5-a5d6-b2a87b31416a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40629", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8766", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-40629\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been patched in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2024-07-18T17:04:10.251Z\n\ud83d\udccf Modified: 2025-03-25T19:59:14.014Z\n\ud83d\udd17 References:\n1. https://github.com/jumpserver/jumpserver/security/advisories/GHSA-3wgp-q8m7-v33v\n2. 
https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2", "creation_timestamp": "2025-03-25T20:24:36.000000Z"}, {"uuid": "ccdea4d0-1e0a-4c96-8b34-8ce2acadcac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40628", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/6892", "content": "\u200aCVE-2024-40628 & CVE-2024-40629: Two Maximum Severity Flaws in JumpServer\n\nhttps://securityonline.info/cve-2024-40628-cve-2024-40629-two-maximum-severity-flaws-in-jumpserver/", "creation_timestamp": "2024-07-22T10:18:14.000000Z"}, {"uuid": "0bbc5c04-bd3a-4dc2-8061-3cd9e08b3ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40620", "type": "seen", "source": "https://t.me/cvedetector/3204", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40620 - Fleetmanager Console\u0e2a\u0e32\u0e27 Dashboard Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-40620 \nPublished : Aug. 14, 2024, 8:15 p.m. | 40\u00a0minutes ago \nDescription : CVE-2024-40620 IMPACT  \n  \nA vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T23:15:09.000000Z"}, {"uuid": "966c1872-7449-4a10-a484-d48fc4d24136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40628", "type": "seen", "source": "https://t.me/cvedetector/1165", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40628 - JumpServer Ansible File Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40628 \nPublished : July 18, 2024, 5:15 p.m. | 41\u00a0minutes ago \nDescription : JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. The Celery container runs as root and has database access, allowing the attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been addressed in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There is no known workarounds for this vulnerability. 
\nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-18T20:08:22.000000Z"}, {"uuid": "c1acf09e-24e0-49a6-8522-1512a676b121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40626", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/553", "content": "#exploit\n1. CVE-2024-29511:\nAbusing Ghostscript\u2019s OCR device\nhttps://codeanlabs.com/blog/research/cve-2024-29511-abusing-ghostscripts-ocr-device\n\n2. CVE-2024-40626:\nStored XSS in Outline editor\n(Type confusion attacks in ProseMirror editors)\nhttps://blog.calif.io/p/type-confusion-attacks-in-prosemirror\n\n3. Getting Unauthenticated RCE on the Logsign Unified SecOps Platform\nhttps://www.zerodayinitiative.com/blog/2024/7/1/getting-unauthenticated-remote-code-execution-on-the-logsign-unified-secops-platform", "creation_timestamp": "2024-07-20T18:08:21.000000Z"}, {"uuid": "0700209a-73ce-4ad0-b725-b7fe1e6e3b5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40624", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/903", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40624 - TorrentPier PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40624 \nPublished : July 15, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies. 
One can use phpggc and the chain Guzzle/FW1 to write PHP code to an arbitrary file, and execute commands on the system. For instance, the cookie bb_t will be deserialized when browsing to viewforum.php. This issue has been addressed in commit `ed37e6e52` which is expected to be included in release version 2.4.4. Users are advised to upgrade as soon as the new release is available. There are no known workarounds for this vulnerability. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T22:42:27.000000Z"}, {"uuid": "63d780a5-4687-4793-8eec-9ab6c38ca106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40627", "type": "seen", "source": "https://t.me/cvedetector/900", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40627 - Fastapi OPA Entity Discovery Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40627 \nPublished : July 15, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP `OPTIONS` requests are always allowed by `OpaMiddleware`, even when they lack authentication, and are passed through directly to the application. `OpaMiddleware` allows all HTTP `OPTIONS` requests without evaluating it against any policy. If an application provides different responses to HTTP `OPTIONS` requests based on an entity existing (such as to indicate whether an entity is writable on a system level), an unauthenticated attacker could discover which entities exist within an application. This issue has been addressed in release version 2.0.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T22:42:24.000000Z"}, {"uuid": "310b0606-40bf-4704-b347-31972fce4cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40626", "type": "seen", "source": "https://t.me/cvedetector/982", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40626 - Outline Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40626 \nPublished : July 16, 2024, 5:15 p.m. | 16\u00a0minutes ago \nDescription : Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror\u2019s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other users view this document, the malicious Javascript can execute in the origin of Outline. Outline includes CSP rules to prevent third-party code execution, however in the case of self-hosting and having your file storage on the same domain as Outline a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions. This issue has been addressed in release version 0.77.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T19:37:55.000000Z"}, {"uuid": "164e6432-17d1-42e9-94a9-34aca3161195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40629", "type": "seen", "source": "https://t.me/ViralCyber/4068", "content": "\u26a0\ufe0fDiscovery of a highly critical vulnerability in JumpServer\n\ud83d\udd34The name JumpServer may not be familiar to you. This product is an open-source #PAM, and many organizations in Iran use it. 
\n\ud83d\udd34Recently, two #vulnerability issues, CVE-2024-40628 and CVE-2024-40629, were discovered in this product with a score of 10!\n\ud83d\udd34The real depth of the disaster is that some domestic PAMs have been built on #JumpServer and certainly have these vulnerabilities!\n\ud83d\udd34We hope that what happened to the #domestic mail servers that had been built on #Zimbra does not happen again!\n\n\u2709\ufe0f @PingChannel\nNews, analysis, criticism - information technology\n\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\u00a0 \ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b", "creation_timestamp": "2024-08-01T17:20:44.000000Z"}, {"uuid": "2e915f5e-d364-4ec9-9f2c-e1a9625d466e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40628", "type": "seen", "source": "https://t.me/ViralCyber/4068", "content": 
"\u26a0\ufe0fDiscovery of a highly critical vulnerability in JumpServer\n\ud83d\udd34The name JumpServer may not be familiar to you. This product is an open-source #PAM, and many organizations in Iran use it. \n\ud83d\udd34Recently, two #vulnerability issues, CVE-2024-40628 and CVE-2024-40629, were discovered in this product with a score of 10!\n\ud83d\udd34The real depth of the disaster is that some domestic PAMs have been built on #JumpServer and certainly have these vulnerabilities!\n\ud83d\udd34We hope that what happened to the #domestic mail servers that had been built on #Zimbra does not happen again!\n\n\u2709\ufe0f @PingChannel\nNews, analysis, criticism - information technology\n\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\u00a0 \ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b", "creation_timestamp": "2024-08-01T17:20:44.000000Z"}, {"uuid": "c3af3540-9cfa-4450-a2af-049ab4cc55c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40629", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/6892", "content": "\u200aCVE-2024-40628 & CVE-2024-40629: Two Maximum Severity Flaws in JumpServer\n\nhttps://securityonline.info/cve-2024-40628-cve-2024-40629-two-maximum-severity-flaws-in-jumpserver/", "creation_timestamp": "2024-07-22T10:18:14.000000Z"}, {"uuid": "d7210102-c1d1-44be-9bbb-4c2fb2614a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40620", "type": "seen", "source": "Telegram/7sDNxOWL8aFRgQuu_lWA_yTPVg4MtdQnjHb22Nw28EUeiiYu", "content": "", "creation_timestamp": "2025-02-01T17:28:09.000000Z"}, {"uuid": "9f891641-cc60-4870-b918-1666105559e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40626", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10860", "content": "#exploit\n1. CVE-2024-29511:\nAbusing Ghostscript\u2019s OCR device\nhttps://codeanlabs.com/blog/research/cve-2024-29511-abusing-ghostscripts-ocr-device\n\n2. CVE-2024-40626:\nStored XSS in Outline editor\n(Type confusion attacks in ProseMirror editors)\nhttps://blog.calif.io/p/type-confusion-attacks-in-prosemirror\n\n3. 
Getting Unauthenticated RCE on the Logsign Unified SecOps Platform\nhttps://www.zerodayinitiative.com/blog/2024/7/1/getting-unauthenticated-remote-code-execution-on-the-logsign-unified-secops-platform", "creation_timestamp": "2024-07-20T12:14:12.000000Z"}, {"uuid": "2405f5b2-19f4-4074-8cf6-2b27fb4b3d4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40628", "type": "seen", "source": "https://t.me/referencebooks0/330", "content": "Hypersec:\nThievingFox\n\n\u0627\u0628\u0632\u0627\u0631 ThievingFox \u0645\u062c\u0645\u0648\u0639\u0647\u200c\u0627\u06cc \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc post-exploitation\u00a0 \u0628\u0631\u0627\u06cc \u062c\u0645\u0639\u200c\u0622\u0648\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631 \u0627\u0632 password managers \u0645\u062e\u062a\u0644\u0641 \u0648 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632 \u0627\u0633\u062a. 
\u0647\u0631 \u0645\u0627\u0698\u0648\u0644 \u0627\u0632 \u0645\u062a\u062f \u062e\u0627\u0635\u06cc \u0628\u0631\u0627\u06cc \u062a\u0632\u0631\u06cc\u0642 \u0628\u0647 \u067e\u0631\u0648\u0633\u0633 \u0647\u062f\u0641 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f\u060c \u0648 \u0633\u067e\u0633 \u062a\u0648\u0627\u0628\u0639 \u062f\u0627\u062e\u0644\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u062c\u0645\u0639 \u0622\u0648\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631\u0627\u062a \u0647\u0648\u06a9 \u0645\u06cc \u06a9\u0646\u062f.\n\n https://github.com/Slowerzs/ThievingFox/\n\n\u062a\u06cc\u0645\u00a0 \u0633\u0648\u0631\u06cc\u0646\n#tools\n\nWindows Terminal Tips, Tricks, and Productivity Hacks \n\n#windows\n\u062a\u06cc\u0645\u00a0 \u0633\u0648\u0631\u06cc\u0646\n\nAdvanced Linux Detection and Forensics Cheatsheet\nby Defensive Security v0.1 [17/05/2024]\nhttps://www.linkedin.com/posts/soorinsec_advanced-linux-detection-and-forensics-cheatsheet-activity-7225407231867932672-isaN?utm_source=share&amp;utm_medium=member_desktop\n\n#linux #forensics\n\u062a\u06cc\u0645\u00a0 \u0633\u0648\u0631\u06cc\u0646\n\nFree Malware Analysis Course, covers malware concepts, malware analysis, and black-box reverse engineering techniques\u00a0 \n\n\u062f\u0648\u0631\u0647 \u0631\u0627\u06cc\u06af\u0627\u0646 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0628\u062f\u0627\u0641\u0632\u0627\u0631\u060c \u0645\u0641\u0627\u0647\u06cc\u0645 \u0628\u062f\u0627\u0641\u0632\u0627\u0631\u060c \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0648 \u062a\u06a9\u0646\u06cc\u06a9 \u0647\u0627\u06cc \u0645\u0647\u0646\u062f\u0633\u06cc \u0645\u0639\u06a9\u0648\u0633 \u062c\u0639\u0628\u0647 \u0633\u06cc\u0627\u0647 \u0631\u0627 \u067e\u0648\u0634\u0634 \u0645\u06cc \u062f\u0647\u062f.\n\nhttp://class.malware.re \n\n#cybersecurity #Malware\n\u062a\u06cc\u0645\u00a0 
\u0633\u0648\u0631\u06cc\u0646\n\n#blackhat #bash\n\u062a\u06cc\u0645\u00a0 \u0633\u0648\u0631\u06cc\u0646\n\n\ud835\udde2\ud835\uddea\ud835\uddd4\ud835\udde6\ud835\udde3 \ud835\udde7\ud835\udde2\ud835\udde3 \ud835\udfed\ud835\udfec - \ud835\udde9\ud835\ude02\ud835\uddf9\ud835\uddfb\ud835\uddf2\ud835\uddff\ud835\uddee\ud835\uddef\ud835\uddf9\ud835\uddf2 \ud835\udddf\ud835\udddf\ud835\udde0 \ud835\uddd4\ud835\uddfd\ud835\uddfd\ud835\uddf9\ud835\uddf6\ud835\uddf0\ud835\uddee\ud835\ude01\ud835\uddf6\ud835\uddfc\ud835\uddfb\ud835\ude00\n\nThe OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security.\n\nLink \ud83d\udd17:-\nhttps://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki/Vulnerable-LLM-Applications\n\n\u062a\u06cc\u0645\u00a0 \u0633\u0648\u0631\u06cc\u0646\n\n#web3 #prompt #owasp\n\n DNS records: a comprehensive guide to better understanding and use\n\n\u0631\u06a9\u0648\u0631\u062f\u0647\u0627\u06cc DNS:\u00a0 \u0631\u0627\u0647\u0646\u0645\u0627\u06cc \u062c\u0627\u0645\u0639 \u0628\u0631\u0627\u06cc \u062f\u0631\u06a9 \u0648 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0628\u0647\u062a\u0631\n\n[\u0644\u06cc\u0646\u06a9\u062f\u06cc\u0646 \u0633\u0648\u0631\u06cc\u0646 \n\n#DNS #DNS_Record \n\u062a\u06cc\u0645\u00a0 \u0633\u0648\u0631\u06cc\u0646\n\n \u0647\u0634\u062f\u0627\u0631 \u0627\u0645\u0646\u06cc\u062a\u06cc \u062c\u062f\u06cc \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 JumpServer \n\n\u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632 10 (CVE-2024-40628 \u0648 CVE-2024-40629) \u062f\u0631 JumpServer\u060c \u06cc\u06a9 
\u0631\u0627\u0647\u06a9\u0627\u0631 PAM \u0645\u062a\u0646\u200c\u0628\u0627\u0632 \u0645\u062d\u0628\u0648\u0628\u060c \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u0646\u062f \u062a\u0627 \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0634\u0645\u0627 \u0646\u0641\u0648\u0630 \u06a9\u0631\u062f\u0647 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u0622\u0646\u200c\u0647\u0627 \u0631\u0627 \u062f\u0631 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u0646\u062f.\n\n\u0686\u0631\u0627 \u0627\u06cc\u0646 \u0645\u0648\u0636\u0648\u0639 \u0645\u0647\u0645 \u0627\u0633\u062a\u061f\n\n\u0627\u0628\u0632\u0627\u0631 JumpServer\u00a0\u00a0 \u062f\u0631 \u0627\u06cc\u0631\u0627\u0646 \u0628\u0633\u06cc\u0627\u0631 \u0645\u062d\u0628\u0648\u0628 \u0627\u0633\u062a: \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u0647\u0627 \u062f\u0631 \u0627\u06cc\u0631\u0627\u0646 \u0627\u0632 JumpServer \u0628\u0631\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u062e\u0648\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f.\n\u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 PAM\u0647\u0627\u06cc \u0628\u0648\u0645\u06cc \u0628\u0631 \u067e\u0627\u06cc\u0647 JumpServer \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647\u200c\u0627\u0646\u062f: \u0627\u06cc\u0646 \u0628\u062f\u0627\u0646 \u0645\u0639\u0646\u0627\u0633\u062a \u06a9\u0647 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u062f\u0631 
\u0633\u0627\u06cc\u0631 \u0631\u0627\u0647\u06a9\u0627\u0631\u0647\u0627\u06cc PAM \u0628\u0648\u0645\u06cc \u0646\u06cc\u0632 \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.\n\nRequired actions:\n\nUpdate JumpServer immediately: download and install the latest security release of JumpServer.\nCheck domestic PAMs: if you use domestic PAMs, contact their developers to make sure these vulnerabilities have been fixed.\n\n\nCVE-2024-40628: https://nvd.nist.gov/vuln/detail/CVE-2024-40628\nCVE-2024-40629: https://nvd.nist.gov/vuln/detail/CVE-2024-40629\n\n#cve #pam #JumpServer \nSoorin Team", "creation_timestamp": "2024-08-04T18:47:46.000000Z"}, {"uuid": "bbb4dadb-0400-4c44-a68c-f0e920d1bfcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40629", "type": "seen", "source": "https://t.me/referencebooks0/330", "content": "Hypersec:\nThievingFox\n\nThievingFox is a collection of 
post-exploitation tools for gathering credentials from various password managers and Windows tools. Each module uses a specific method to inject into the target process, and then hooks internal functions to collect credentials.\n\n https://github.com/Slowerzs/ThievingFox/\n\nSoorin Team\n#tools\n\nWindows Terminal Tips, Tricks, and Productivity Hacks \n\n#windows\nSoorin Team\n\nAdvanced Linux Detection and Forensics Cheatsheet\nby Defensive Security v0.1 [17/05/2024]\nhttps://www.linkedin.com/posts/soorinsec_advanced-linux-detection-and-forensics-cheatsheet-activity-7225407231867932672-isaN?utm_source=share&utm_medium=member_desktop\n\n#linux #forensics\nSoorin Team\n\nFree Malware Analysis Course, covers malware concepts, malware analysis, and black-box reverse engineering 
techniques \n\nhttp://class.malware.re \n\n#cybersecurity #Malware\nSoorin Team\n\n#blackhat #bash\nSoorin Team\n\nOWASP TOP 10 - Vulnerable LLM Applications\n\nThe OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. 
It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security.\n\nLink \ud83d\udd17:-\nhttps://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki/Vulnerable-LLM-Applications\n\nSoorin Team\n\n#web3 #prompt #owasp\n\n DNS records: a comprehensive guide to better understanding and use\n\n[Soorin LinkedIn \n\n#DNS #DNS_Record \nSoorin Team\n\n Serious security warning for JumpServer users \n\nTwo critical vulnerabilities with a score of 10 (CVE-2024-40628 and CVE-2024-40629) have been discovered in JumpServer, a popular open-source PAM solution. 
These vulnerabilities can allow attackers to break into your systems and take full control of them.\n\nWhy does this matter?\n\nJumpServer is very popular in Iran: many organizations in Iran use JumpServer to manage access to their systems.\nMany domestic PAMs are built on JumpServer: this means these vulnerabilities may also exist in other domestic PAM 
solutions.\n\nRequired actions:\n\nUpdate JumpServer immediately: download and install the latest security release of JumpServer.\nCheck domestic PAMs: if you use domestic PAMs, contact their developers to make sure these vulnerabilities have been fixed.\n\n\nCVE-2024-40628: https://nvd.nist.gov/vuln/detail/CVE-2024-40628\nCVE-2024-40629: https://nvd.nist.gov/vuln/detail/CVE-2024-40629\n\n#cve #pam #JumpServer \nSoorin Team", "creation_timestamp": "2024-08-04T18:47:46.000000Z"}, {"uuid": "bdd40ee4-f62a-4b62-a4e8-0a8e0ff4b6c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-40624", "type": "published-proof-of-concept", "source": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-fg86-4c2r-7wxw", "content": "", "creation_timestamp": "2024-07-13T12:35:10.000000Z"}]}