CVE-2024-8000
published 2025-03-04
CVE-2024-8000: On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in…
Priority P426 · medium · 5.3 · CVSS 3.1
AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.19% (8.7th percentile)
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart.
Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista_networks | eos | 4.30.0 – 4.30.8M | — |
| arista_networks | eos | 4.31.0 – 4.31.5M | — |
| arista_networks | eos | 4.32.0 – 4.32.4M | — |
| chrome_chrome | — | — | |
| hono | hono | >= 0 < 4.2.7 | 4.2.7 |
| librenms | librenms | >= 0 < 24.4.0 | 24.4.0 |
| lobehub | chat | >= 0 < 1.19.13 | 1.19.13 |
| pyload-ng_project | pyload-ng | >= 0 < 0.5.0b3.dev77 | 0.5.0b3.dev77 |
CVSS provenance
nvd · v3.1 · 5.3 · MEDIUM · CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
vendor_cisco · 7.8 · HIGH
GHSA
GHSA-8fjr-734h-7jj5: On affected platforms running Arista EOS with 802
ghsa_unreviewed·2025-03-04
CVE-2024-8000 [MEDIUM] CWE-1284 GHSA-8fjr-734h-7jj5: On affected platforms running Arista EOS with 802
GHSA
@lobehub/chat Server Side Request Forgery vulnerability
ghsa·2024-11-26
CVE-2024-32965 [HIGH] CWE-918 @lobehub/chat Server Side Request Forgery vulnerability
### Summary
lobe-chat before 1.19.13 has an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information.
### Details
* visit https://chat-preview.lobehub.com/
* click settings -> llm -> openai
* fill the OpenAI API Key you like
* fill the proxy address that you want to attack (e.g. a domain that resolves to a local IP address, like 127.0.0.1.xip.io); the path "/chat/completions" is appended to the address, which can be bypassed with a hash sign, as in "http://172.23.0.1:8000/#"
* then lobe will echo the SSRF result
The JWT token header X-Lobe-Chat-Auth stores the proxy address and OpenAI API Key; you can modify it to scan internal network in
GHSA
MobSF vulnerable to Open Redirect in Login Redirect
ghsa·2024-07-31
CVE-2024-41955 [MEDIUM] CWE-601 MobSF vulnerable to Open Redirect in Login Redirect
### Impact
_What kind of vulnerability is it? Who is impacted?_
An open redirect vulnerability exists in the MobSF authentication view.
PoC
1. Go to http://127.0.0.1:8000/login/?next=//afine.com in a web browser.
2. Enter credentials and press "Sign In".
3. You will be redirected to [afine.com](http://afine.com/)
Users who are not using authentication are not impacted.
### Patches
_Has the problem been patched? What versions should users upgrade to?_
Update to MobSF v4.0.5
### Workarounds
_Is there a way for users to fix or remediate the vulnerability without upgrading?_
Disable Authentication
### References
_Are there any links users can visit to find out more?_
Fix: https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaa
GHSA
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
ghsa·2024-04-23
CVE-2024-32869 [MEDIUM] CWE-22 Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
### Summary
When using serveStatic with deno, it is possible to traverse to the directory where main.ts is located.
My environment is configured as per this tutorial
https://hono.dev/getting-started/deno
### PoC
```bash
$ tree
.
├── deno.json
├── deno.lock
├── main.ts
├── README.md
└── static
    └── a.txt
```
source
```jsx
import { Hono } from 'https://deno.land/x/[email protected]/mod.ts'
import { serveStatic } from 'https://deno.land/x/[email protected]/middleware.ts'
const app = new Hono()
app.use('/static/*', serveStatic({ root: './' }))
Deno.serve(app.fetch)
```
request
```bash
curl localhost:8000/static/%2e%2e/main.ts
```
The response is the content of main.ts.
### Impact
Unexpected files are retrieved.
GHSA
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
ghsa·2024-04-22
CVE-2024-32479 [HIGH] CWE-79 LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
### Summary
The Service template name is improperly sanitized and is reflected in the delete button's onclick event. This value can be modified and crafted as any other JavaScript code.
### Vulnerable Code
https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23
The line above is the vulnerable code, which needs to be properly sanitized.
### PoC
1. Go to /services/templates
2. Enter name as `testing', '14', 'http://172.105.62.194:8000/services/templates/14');alert(1);//`
3. Submit it and try to delete it, you will see popup
If you inspect element on delete button, you will notice this:-
### Impact
Cross site scripting c
GHSA
pyload Log Injection vulnerability
ghsa·2024-01-08
CVE-2024-21645 [MEDIUM] CWE-74 pyload Log Injection vulnerability
### Summary
A log injection vulnerability was identified in `pyload`. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`.
### Details
`pyload` will generate a log entry when attempting to sign in with faulty credentials. This entry will be in the form of `Login failed for user 'USERNAME'`. However, when supplied with a username containing a newline, this newline is not properly escaped. Newlines are also the delimiter between log entries. This allows the attacker to inject new log entries into the log file.
### PoC
Run `pyload` in the default configuration by running the following command
```
pyload
```
We can now sign in as the pyload user and view the logs at `http://localhost:8000/log
GHSA
pyload Unauthenticated Flask Configuration Leakage vulnerability
ghsa·2024-01-08
CVE-2024-21644 [HIGH] CWE-284 pyload Unauthenticated Flask Configuration Leakage vulnerability
### Summary
Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable.
### Details
Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable.
### PoC
Run `pyload` in the default configuration by running the following command
```
pyload
```
Now browse to `http://localhost:8000/render/info.html`. Notice how the Flask configuration gets displayed.
I was quite amused by this finding. I think it's a very interesting coming together of things that is so unlikely to happen. Below I will detail my process a bit more.
I was looking through the code to see how the authorization mechanism is implemented when I s
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-8904
vendor_chrome·2024-10-01·CVSS 8.8
CVE-2024-8904 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-8904
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2024-8904: Type Confusion in V8. Reported by Popax21 on 2024-09-08
[$8000][359949835] Medium CVE-2024-8905: Inappropriate implementation in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-08-15
[$1000][337222641] Low CVE-2024-8908: Inappropriate implementation in Autofill
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2024-9120
vendor_chrome·2024-09-24·CVSS 8.8
CVE-2024-9120 [HIGH] Stable Channel Update for Desktop: CVE-2024-9120
Stable Channel Update for Desktop
CVE-2024-9120: Use after free in Dawn. Reported by Anonymous on 2024-09-08
[$8000][363538434] High CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-09-01
[TBD][365802567] High CVE-2024-9122: Type Confusion in V8
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2024-6988
vendor_chrome·2024-07-23·CVSS 8.8
CVE-2024-6988 [HIGH] Stable Channel Update for Desktop: CVE-2024-6988
Stable Channel Update for Desktop
CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25
[$8000][349342289] High CVE-2024-6989: Use after free in Loader. Reported by Anonymous on 2024-06-25
[TBD][346618785] High CVE-2024-6991: Use after free in Dawn
Severity: high
Cisco
Cisco IOS XR Software SSH Privilege Escalation Vulnerability
vendor_cisco·2024-03-13·CVSS 7.8
CVE-2024-20320 [HIGH] CWE-266 Cisco IOS XR Software SSH Privilege Escalation Vulnerability
Cisco IOS XR Software SSH Privilege Escalation Vulnerability
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address t
Chrome
Stable Channel Update for Desktop: CVE-2024-3168
vendor_chrome·2024-02-20·CVSS 6.5
CVE-2024-3168 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-3168
Stable Channel Update for Desktop
CVE-2024-3168: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2024-02-05
[$8000][41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03
[$3000][41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2024-3169
vendor_chrome·2024-01-30·CVSS 8.8
CVE-2024-3169 [HIGH] Stable Channel Update for Desktop: CVE-2024-3169
Stable Channel Update for Desktop
CVE-2024-3169: Use after free in V8. Reported by johnshoop on 2024-01-14
[N/A][1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13
[$8000][41491373] Medium CVE-2024-2884: Out of bounds read in V8
Severity: high
Cisco
Cisco IOS XR Software SSH Privilege Escalation Vulnerability
vendor_cisco·CVSS 3.1
CVE-2024-20320 Cisco IOS XR Software SSH Privilege Escalation Vulnerability
CVE-2024-20320: Cisco IOS XR Software SSH Privilege Escalation Vulnerability
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
No detection rules found.
No writeups or analysis indexed.
2025-03-04
Published