Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/da_667/statuses/111807594346818603">da_667 (da_667@infosec.exchange)'s status on Wednesday, 24-Jan-2024 08:41:17 JST</a><a href="https://infosec.exchange/@da_667" title="da_667@infosec.exchange"><img src="https://gnusocial.jp/avatar/30576-48-20241114140251.webp" width="48" height="48" alt="da_667" style="position: absolute; left: 0; top: 0;">da_667</a></section><article><p>GoAnywhere MFT <a href="https://infosec.exchange/tags/CVE_2024_0204" rel="tag">#CVE_2024_0204</a> is... path traversal.</p><p>[bullshitpath]/..;/wizard/InitialAccountSetup.xhtml re-runs the initial setup wizard, and lets attackers create their own admin account.</p><p><a href="https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/" rel="nofollow noreferrer">https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2626520#notice-5202795">In conversation</a><time datetime="2024-01-24T08:41:17+09:00" title="Wednesday, 24-Jan-2024 08:41:17 JST">about 10 months ago</time> <span>from <span><a href="https://infosec.exchange/@da_667/111807594346818603" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@da_667/111807594346818603">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
da_667 (da_667@infosec.exchange)'s status on Wednesday, 24-Jan-2024 08:41:17 JST da_667
GoAnywhere MFT #CVE_2024_0204 is... path traversal.
[bullshitpath]/..;/wizard/InitialAccountSetup.xhtml re-runs the initial setup wizard, and lets attackers create their own admin account.
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
In conversationabout 10 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice