{"vulnerability": "cve-2022-2473", "sightings": [{"uuid": "06364bce-39c6-4da3-926a-7602c1e1809e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24736", "type": "seen", "source": "https://t.me/cibsecurity/41538", "content": "\u203c CVE-2022-24736 \u203c\n\nRedis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0, 6.2.X and 6.0.X. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T00:13:24.000000Z"}, {"uuid": "1be404dc-2fc5-47ff-8598-23e479a3c2fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24735", "type": "seen", "source": "https://t.me/cibsecurity/41537", "content": "\u203c CVE-2022-24735 \u203c\n\nRedis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. 
With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T00:13:23.000000Z"}, {"uuid": "46d48fab-c85b-4705-815c-5aedf4c9517c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24731", "type": "seen", "source": "https://t.me/cibsecurity/39452", "content": "\u203c CVE-2022-24731 \u203c\n\nArgo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. 
The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-23T23:29:11.000000Z"}, {"uuid": "b1902069-b1d6-425c-b122-5f7ffa1cb782", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24730", "type": "seen", "source": "https://t.me/cibsecurity/39456", "content": "\u203c CVE-2022-24730 \u203c\n\nArgo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `get` access for a repository containing a Helm chart can craft an API request to the `/api/v1/repositories/{repo_url}/appdetails` endpoint to leak the contents of out-of-bounds files from the repo-server. The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from other Applications' source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. 
The patches prevent path traversal and limit access to users who either A) have been granted Application `create` privileges or B) have been granted Application `get` privileges and are requesting details for a `repo_url` that has already been used for the given Application. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-23T23:34:55.000000Z"}, {"uuid": "f450716e-c2dc-451c-96b6-c3cb634068fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24739", "type": "seen", "source": "https://t.me/cibsecurity/38562", "content": "\u203c CVE-2022-24739 \u203c\n\nalltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T00:41:04.000000Z"}, {"uuid": "2ce6187d-490e-4572-8bf5-ab20872032ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24737", "type": "seen", "source": "https://t.me/cibsecurity/38522", "content": "\u203c CVE-2022-24737 \u203c\n\nHTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and hosts they belonged. 
This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-08T02:40:12.000000Z"}, {"uuid": "db13c442-da44-4ad2-bde3-04aa06e008ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24733", "type": "seen", "source": "https://t.me/cibsecurity/38901", "content": "\u203c CVE-2022-24733 \u203c\n\nSylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: ``sameorigin``. To achieve that, add a new `subscriber` in the app.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-14T21:18:22.000000Z"}, {"uuid": "1f8b250e-34d1-4357-bb19-5c1c48a1fde1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "seen", "source": "https://t.me/cibsecurity/38631", "content": "\u203c CVE-2022-24734 \u203c\n\nMyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. 
The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T00:12:09.000000Z"}, {"uuid": "2d3cc6ef-0b81-4c10-9605-fe5de1bd7837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24732", "type": "seen", "source": "https://t.me/cibsecurity/38626", "content": "\u203c CVE-2022-24732 \u203c\n\nMaddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T22:15:17.000000Z"}, {"uuid": "ffce0f9d-564b-4483-957d-f95795ee7097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5989", "content": "#exploit\n1. CVE-2022-24734:\nRCE in MyBB Admin CP\nhttps://github.com/Altelus1/CVE-2022-24734\n\n2. 
CVE-2022-26133:\nAtlassian Bitbucket Data Center - Java Deserialization Vulnerability in Hazelcast\nhttps://github.com/Pear1y/CVE-2022-26133", "creation_timestamp": "2022-05-12T11:01:01.000000Z"}, {"uuid": "ee2e81fc-a4e8-4f14-a61b-2b646de1574a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "e894b007-84d8-49e5-9c3b-1f8433d1fd02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb", "content": "", "creation_timestamp": "2022-05-31T16:29:18.000000Z"}, {"uuid": "d5c4bfc4-8e00-45f1-9726-4f758431759c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "published-proof-of-concept", "source": "https://t.me/noobhackersyoutube/1936", "content": "MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)\n\nhttps://github.com/Altelus1/CVE-2022-24734\n\n#MyBB #RCE #Auth_R", "creation_timestamp": "2022-05-12T07:49:07.000000Z"}, {"uuid": "d6ce87ea-3d4e-49cb-9b13-a979b8dd2125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "published-proof-of-concept", "source": "Telegram/qeIlHXwk6VKV4UhXVPLQLbzvqENjIaoZ6ZELYqE5ad4Jd8Y", "content": "", "creation_timestamp": "2022-05-11T20:08:56.000000Z"}, {"uuid": "6868ade6-a3e8-49b0-8fae-25545e95a154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", 
"vulnerability": "CVE-2022-24738", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13122", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-24738\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-03-07T21:30:13.000Z\n\ud83d\udccf Modified: 2025-04-23T18:58:57.669Z\n\ud83d\udd17 References:\n1. https://github.com/tharsis/evmos/security/advisories/GHSA-5jgq-x857-p8xw\n2. https://github.com/tharsis/evmos/commit/28870258d4ee9f1b8aeef5eba891681f89348f71\n3. 
https://github.com/tharsis/evmos/releases/tag/v2.0.1", "creation_timestamp": "2025-04-23T19:05:20.000000Z"}, {"uuid": "3d159384-fb1b-47b4-8b4a-c47cf2b16e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/144", "content": "MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)\n\nhttps://github.com/Altelus1/CVE-2022-24734", "creation_timestamp": "2022-05-11T21:15:25.000000Z"}, {"uuid": "b2b1ae9a-aa2f-4864-84d6-143f29471f0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:44.000000Z"}, {"uuid": "5bd7f649-48fd-42ac-87d0-c23958306912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24735", "type": "seen", "source": "https://gist.github.com/Darkcrai86/0c6f47c1be5b9960b17c7849ebffbd65", "content": "", "creation_timestamp": "2025-12-04T08:30:10.000000Z"}, {"uuid": "20ade62b-f9ca-4036-a851-2b0d028a04cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24736", "type": "seen", "source": "https://gist.github.com/Darkcrai86/f18f6af044e5234d2b8ff21e7630cfe7", "content": "", "creation_timestamp": "2025-12-04T08:29:43.000000Z"}, {"uuid": "f8c5d870-78c9-493e-ba79-7ff38c93190b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24734", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1609", "content": "MyBB 1.8.29 - Remote Code Execution (RCE) 
(Authenticated)\nhttps://github.com/Altelus1/CVE-2022-24734\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-05-25T09:24:00.000000Z"}, {"uuid": "4fc0a74a-5a03-40f3-b0ac-e98f474a4caa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24739", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13130", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-24739\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.\n\ud83d\udccf Published: 2022-03-08T21:40:10.000Z\n\ud83d\udccf Modified: 2025-04-23T18:56:39.899Z\n\ud83d\udd17 References:\n1. https://github.com/Rudloff/alltube/security/advisories/GHSA-75p7-527p-w8wp\n2. https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d\n3. https://github.com/Rudloff/alltube/commit/8913f27716400dabf4906a5ad690a5238f73496a\n4. https://github.com/Rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a", "creation_timestamp": "2025-04-23T19:05:30.000000Z"}]}