google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

PRP: Request CVE-2024-38856 RCE Vulnerability in Apache OFBiz #524

Open hh-hunter opened 1 month ago

hh-hunter commented 1 month ago

Hello.

I would like to start implementing a plugin to detect CVE-2024-38856. This vulnerability should be relatively new and has been patched.

The vulnerability has been assigned the CVE ID CVE-2024-38856.

Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.

This vulnerability is caused by an unauthenticated endpoint allowing the execution of screen rendering code, which leads to RCE (Remote Code Execution).

Users are recommended to upgrade to version 18.12.15, which fixes this issue.

The vulnerability can be exploited remotely without authentication and user interaction.

Please let me know if this is in scope to start with its development.

tooryx commented 1 month ago

Hi @hh-hunter,

Adding this to your backlog until we have your current main merged.

~tooryx