Update mongodb-unauth.yaml (#3712)

* Update mongodb-unauth.yaml

* Update CVE-2020-11110.yaml

* Update CVE-2020-11110.yaml
patch-1
Prince Chaddha 2022-02-16 18:03:09 +05:30 committed by GitHub
parent e5e0e1ebf4
commit 627ef6412e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions

@ -5,7 +5,7 @@ info:
severity: medium severity: medium
name: Grafana Unauthenticated Stored XSS name: Grafana Unauthenticated Stored XSS
description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
tags: cve,cve2020,xss,grafana remediation: This issue can be resolved by updating Grafana to the latest version.
reference: reference:
- https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html - https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-11110 - https://nvd.nist.gov/vuln/detail/CVE-2020-11110
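Review bot: The added `remediation:` line in CVE-2020-11110.yaml says only "updating Grafana to the latest version", which gives the reader nothing to check an installed version against. The description two lines above already bounds the affected range as "Grafana through 6.7.1", so the remediation should say to upgrade to a release later than 6.7.1, so the advice stays accurate as "latest" moves. The `tags:` line removed at this position needs to reappear elsewhere in the `info:` block, otherwise tag-based selection will skip the template.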
@ -14,6 +14,8 @@ info:
cvss-score: 6.10 cvss-score: 6.10
cve-id: CVE-2020-11110 cve-id: CVE-2020-11110
cwe-id: CWE-79 cwe-id: CWE-79
tags: cve,cve2020,xss,grafana
requests: requests:
- raw: - raw:
- | - |
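Review bot: The `tags:` line re-added here sits directly after `cwe-id:`, and the rendered diff does not show indentation, so please confirm it is indented as a direct child of `info:` and not at the level of the `cvss-score` / `cve-id` / `cwe-id` keys above it. If it is nested with those keys, `tags: cve,cve2020,xss,grafana` will not be read as the template's tags. The hunk header also counts two added lines (6 to 8) while only the `tags:` line is visible; if the second is a blank line before `requests:`, that is fine, but it is worth checking that nothing else was added unintentionally.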

@ -4,7 +4,11 @@ info:
name: Unauth MongoDB Disclosure name: Unauth MongoDB Disclosure
author: pdteam author: pdteam
severity: high severity: high
reference: https://github.com/orleven/Tentacle reference:
- https://github.com/orleven/Tentacle
- https://book.hacktricks.xyz/pentesting/27017-27018-mongodb
- https://www.mongodb.com/features/mongodb-authentication
remediation: Enable Authentication in MongoDB
tags: network,mongodb,unauth tags: network,mongodb,unauth
network: network:
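Review bot: The added `remediation: Enable Authentication in MongoDB` in mongodb-unauth.yaml is too thin to act on and is styled differently from the remediation added to CVE-2020-11110.yaml in this same commit (a full sentence ending in a period). Suggest a full sentence that says what to change, for example enabling access control via `security.authorization: enabled` in the mongod configuration and not exposing the service port to untrusted networks. Separately, the `info:` block visible in this hunk runs from `name:` to `tags:` with no `description:` field; since the hunk already touches the metadata, add one stating what an unauthenticated response from the service discloses, so a `severity: high` finding is explained to whoever triages it. Converting `reference:` to a list is good; of the three entries, the mongodb.com authentication page is the one that supports the remediation, so it could be listed first.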