Will Dormann on Nostr: Yeah, so this CVE-2024-29849 PoC exploit works. An unauthenticated user can perform ...
Yeah, so this CVE-2024-29849 PoC exploit works. An unauthenticated user can perform any API action as whatever user they want.
Hopefully nobody exposes the Veeam API to... attackers?
https://github.com/sinsinology/CVE-2024-29849
Published at 2024-06-13 14:47:09
Event JSON
{
"id": "9fc58429d2f59a904ca891e45b3741b03ebcad94e21a0f025aa3e18c4e5d103c",
"pubkey": "9c7b9756690880e06dd0ac4246c1d27e99c2f9d8beb819e2e3156dc3e2d8d3e6",
"created_at": 1718290029,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/wdormann/statuses/112609855366089067",
"activitypub"
]
],
"content": "Yeah, so this CVE-2024-29849 PoC exploit works. An unauthenticated user can perform any API action as whatever user they want.\n\nHopefully nobody exposes the Veeam API to... attackers?\nhttps://github.com/sinsinology/CVE-2024-29849\n\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/112/609/854/263/053/405/original/2706244609a51ea8.png",
"sig": "8aba14eb6bf0f8a5a7a8fcebce1a8f69773a2776ae4d064ba108de835eb1b18f1e72574a1d6cce68c2a1b329ca26ccfc01e2a7ac38fc0b0201c20d5f85359d98"
}