Conversation

Notices

  1. WWSchoof 📯 (wwschoof@layer8.space)'s status on Wednesday, 18-Dec-2024 23:49:27 JST
    • Kevin Beaumont

    @GossiTheDog https://secalerts.co/vulnerability/CVE-2023-34990


    Attachments

    1. CVE-2023-34990 - Path Traversal - SecAlerts
      A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
    • WWSchoof 📯 (wwschoof@layer8.space)'s status on Thursday, 19-Dec-2024 00:02:25 JST
      • Kevin Beaumont

      @GossiTheDog the NIST link is neither telling the affected product, nor the fixed versions

    • Andrew Golding (huronbikes@cyberplace.social)'s status on Thursday, 19-Dec-2024 00:34:51 JST
      • Kevin Beaumont

      @GossiTheDog sure does seem like a large number of directory traversal (or its cousin, context escape) vulnerabilities lately...

    • Space Invader (spaceinvader@social.securitytheater.net)'s status on Thursday, 19-Dec-2024 03:55:37 JST
      • Kevin Beaumont

      @GossiTheDog CNAs are not supposed to “backdate” CVEs like that. It was previously kinda-sorta allowed, but these days, a CNA doesn’t get a block of CVEs. CNAs inform MITRE of approximately how many CVEs they expect to issue in a year, and as you publish them, identifiers are assigned. If I publish two CVEs they may not be sequential.

      This CVE would have been in RESERVED status to hold onto the CVE-2023-34990 record. But wow, is that a long time before publishing.

      (I did CNA training in 2022)


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.