google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

PRP: GeoServer Unauthenticated Remote Code Execution #518

Closed grandsilva closed 6 days ago

grandsilva commented 3 months ago

Hi, as the status of my other PRPs is not finalized, I can write a Tsunami plugin for the GeoServer RCE vulnerability if you let me. This is a good reference: https://github.com/vulhub/vulhub/tree/master/geoserver/CVE-2024-36401

CVE: https://github.com/advisories/GHSA-6jj6-gm7p-fcvv

tooryx commented 3 months ago

Hi @grandsilva,

You can proceed with this one.

~tooryx

tooryx commented 6 days ago

Hi @grandsilva,

Your PR has been merged. This usually means a reward will be granted. Google will start the internal QC process and the reward amount will be determined based on the quality of the detector report. Please be patient and allow up to a week for the QC process to finish. You'll be notified once the decision is made.

Thanks!

tooryx commented 6 days ago

Hi @grandsilva,

Did you fill out the participation form? If not, please do so.

~tooryx

grandsilva commented 6 days ago

Hi @tooryx, I just submitted the form. Thanks.