
CVE-2021-28411: Wrong code modification leads to Shiro deserialization vulnerability · Issue #20 · lerry903/RuoYi

An issue discovered in the getRememberedSerializedIdentity function of the CookieRememberMeManager class in lerry903 RuoYi version 3.4.0 allows remote attackers to escalate privileges.


The cause of the vulnerability
The project uses Shiro 1.7.0, a version that should not have this vulnerability.

Code layer troubleshooting:

  1. The default key is used (one of the reasons for this vulnerability).

  2. Judging by the gadget being exploited, the commons-collections exploit chain is used (the second reason for this vulnerability); commons-collections should be version 3.2.2 or above.

  3. Check the Shiro-related calling code:

    The Shiro deserialization vulnerability is caused by calling the getRememberedSerializedIdentity() function of the CookieRememberMeManager class. The official repair code is as follows; the repair plan is to delete the CookieRememberMeManager class.

    The CookieRememberMeManager class was added when the open source project was rewritten, which introduced the vulnerability.

Exploit:
You can use the following tool to exploit this vulnerability (GitHub project): https://github.com/j1anFen/shiro_attack

Execute system commands
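
As an added example (not code from the issue or from the RuoYi project), the following Python script checks a source tree for the three causes listed under "Code layer troubleshooting". The file paths, the placeholder key, and the assumption that the key and the dependency version appear as literals in the Java source and in pom.xml are constructed for illustration.

```python
import re

SAFE_CC = (3, 2, 2)  # minimum commons-collections version named in the report

# Assumption: the rememberMe key is passed to setCipherKey() as a string literal.
KEY_LITERAL = re.compile(r'setCipherKey\s*\([^;]*"[^"]+"')
# A class with Shiro's name declared inside the project itself.
LOCAL_CLASS = re.compile(r'\bclass\s+CookieRememberMeManager\b')
# Assumption: the version is written inline, not through a Maven property.
CC_DEP = re.compile(
    r'<artifactId>commons-collections</artifactId>\s*'
    r'<version>(\d+(?:\.\d+)*)</version>')


def audit(files):
    """files maps a relative path to its text; returns a sorted list of findings."""
    findings = []
    for path, text in files.items():
        if path.endswith(".java"):
            if KEY_LITERAL.search(text):
                findings.append(f"{path}: rememberMe cipher key is a string literal")
            if LOCAL_CLASS.search(text):
                findings.append(f"{path}: project-local CookieRememberMeManager class")
        elif path.endswith("pom.xml"):
            for m in CC_DEP.finditer(text):
                version = tuple(int(p) for p in m.group(1).split("."))
                if version < SAFE_CC:
                    findings.append(f"{path}: commons-collections {m.group(1)} < 3.2.2")
    return sorted(findings)


# Constructed sample tree (hypothetical paths, placeholder key value).
SAMPLE = {
    "src/main/java/com/example/config/ShiroConfig.java":
        'manager.setCipherKey(Base64.decode("PLACEHOLDER_BASE64_KEY=="));',
    "src/main/java/com/example/shiro/CookieRememberMeManager.java":
        "package com.example.shiro;\npublic class CookieRememberMeManager {}",
    "pom.xml":
        "<dependency><groupId>commons-collections</groupId>"
        "<artifactId>commons-collections</artifactId>"
        "<version>3.2.1</version></dependency>",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against a real checkout, build the `files` mapping by reading every `.java` file and `pom.xml` under the project root.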
