About me

- Job title: Application Security Engineer
- Current location: Moscow, Russia
- Certificates: OSCP (November 2021)
- CVEs: CVE-2023-45659, CVE-2023-45152, CVE-2023-5838, CVE-2023-5840
- Open for collaboration

Engelsystem is a shift planning system for chaos events. A blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(S) services listen on localhost and/or on systems reachable only from the host running the Engelsystem software. If such services are necessary, they should require additional authentication.
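
A destination check of the kind that stops a schedule-import URL from reaching local services, as an added example: it is not Engelsystem's code and not the fix in commit ee7d30b33. The function names, the injectable resolver and the sample URLs are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def resolve(host, port):
    """Default resolver: every address the name currently maps to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def is_internal(addr):
    """True for loopback, private, link-local and other non-public ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:  # unwrap ::ffff:127.0.0.1
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def check_schedule_url(url, resolver=resolve):
    """Return (allowed, reason, addresses) for a user-supplied schedule URL."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL", set()
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed", set()
    if not parts.hostname:
        return False, "no host", set()
    try:
        addrs = {str(ipaddress.ip_address(parts.hostname))}  # literal IP
    except ValueError:
        try:
            addrs = set(resolver(parts.hostname, port))
        except OSError:
            return False, "host does not resolve", set()
    if not addrs:
        return False, "host does not resolve", set()
    # Reject if ANY resolved address is internal: one public record must
    # not vouch for a name that also points at 127.0.0.1.
    blocked = sorted(a for a in addrs if is_internal(a))
    if blocked:
        return False, "internal address: " + ", ".join(blocked), set()
    # The fetcher should connect to one of these addresses directly and
    # re-run the check on every redirect before following it.
    return True, "ok", addrs

if __name__ == "__main__":
    fake_dns = lambda host, port: {"10.0.0.5"}  # constructed resolver answer
    for u in ("http://127.0.0.1:8080/s.xml", "http://[::1]/", "http://intranet.example/"):
        print(u, check_schedule_url(u, fake_dns)[:2])
```
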

Vulnerable Product: engelsystem engelsystem