CVE-2024-47218
Published 2024-09-22
CVE-2024-47218: An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication.
Priority P3 · 52 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.58% (43.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vesoft | nebulagraph_database | <= 3.8.0 | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 9.8 CRITICAL
OSV
CVE-2024-47218 in github.com/vesoft-inc/nebula
osv·2024-09-26·CVSS 9.8
CVE-2024-47218 [CRITICAL] CVE-2024-47218 in github.com/vesoft-inc/nebula
GHSA
GHSA-9p6f-43f7-gmq3: An issue was discovered in vesoft NebulaGraph through 3
ghsa_unreviewed·2024-09-22
CVE-2024-47218 [CRITICAL] CWE-287 GHSA-9p6f-43f7-gmq3: An issue was discovered in vesoft NebulaGraph through 3
Suricata
ET WEB_SPECIFIC_APPS QNAP quick.cgi uploaf_firmware_image Command Injection Attempt (CVE-2023-47218)
suricata·2024-02-13·CVSS 5.8
CVE-2023-47218 [MEDIUM] ET WEB_SPECIFIC_APPS QNAP quick.cgi uploaf_firmware_image Command Injection Attempt (CVE-2023-47218)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS QNAP quick.cgi uploaf_firmware_image Command Injection Attempt (CVE-2023-47218)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/cgi-bin/quick/quick.cgi?func=switch_os&todo=uploaf_firmware_image"; fast_pattern; http.user_agent; content:"Mozilla"; content:"Macintosh"; http.request_body; content:"|3d 22|%22"; content:"|22|"; within:200; reference:url,www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/; reference:cve,2023-47218; classtype:trojan-activity; sid:2050811; rev:1; metadata:affected_product QNAP, attack_target Net
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-09-22