sleepwithoutbz/cve
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 调整了prompt,分析信息泄漏CVE

Browse Source
This commit is contained in:
sleepwithoutbz
2025-06-03 13:54:08 +08:00
parent bfb755daeb
commit 2f3640a45e
6 changed files with 1072 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7912
info_reveal_result/analysis_result.log
View File

File diff suppressed because it is too large Load Diff

179
info_reveal_result/analysis_result_11-20.log Normal file
View File

@@ -0,0 +1,179 @@
cve: ./data/2016/8xxx/CVE-2016-8954.json
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.
analysis: {"Conatiner":"IBM dashDB Local","CVE_Reason":"硬编码的凭据、密钥等敏感信息","CVE_Consequence":"远程攻击者可以利用这些硬编码凭据访问Docker容器或数据库可能导致数据泄露或系统被进一步入侵严重程度较高"}
cve: ./data/2019/5xxx/CVE-2019-5021.json
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
analysis: {"Conatiner":"Alpine Linux Docker images","CVE_Reason":"未妥善保护的密码配置镜像中存在root用户的空密码","CVE_Consequence":"可能导致攻击者以root身份未经授权访问容器严重程度高"}
cve: ./data/2020/11xxx/CVE-2020-11878.json
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.
analysis: {"Conatiner":"docker-jitsi-meet","CVE_Reason":"默认密码","CVE_Consequence":"可能导致未经授权的访问,严重程度:高"}
cve: ./data/2020/15xxx/CVE-2020-15157.json
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.
analysis: ```json
{"Conatiner":"containerd","CVE_Reason""未妥善保护的认证凭证","CVE_Consequence":"攻击者可以通过诱导用户拉取特定镜像获取容器拉取图像时使用的认证凭证,可能导致用户的注册表用户名和密码泄露,或者云实例的凭据泄露,从而获得对其他云资源的访问权限。严重程度较高。"}
```
cve: ./data/2020/29xxx/CVE-2020-29389.json
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Crux Linux Docker images 3.0 through 3.4","CVE_Reason":"未设置根用户密码,空白密码被写入镜像并共享给所有用户","CVE_Consequence":"允许攻击者使用空白密码获取容器的根权限,严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29564.json
The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Consul Docker镜像","CVE_Reason":"未设置root用户的密码存在空白密码","CVE_Consequence":"远程攻击者可利用空白密码获得root权限严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29575.json
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"elixir Docker images","CVE_Reason":"未设置根用户密码,存在空白密码的根账户","CVE_Consequence":"远程攻击者可利用空白密码获取根权限,严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29576.json
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"eggdrop","CVE_Reason":"未设置根用户密码","CVE_Consequence":"远程攻击者可以使用空密码获得root权限严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29577.json
The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"znc","CVE_Reason":"未设置密码的root用户","CVE_Consequence":"远程攻击者可以使用空白密码获得root权限严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29578.json
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
analysis: {"Conatiner":"piwik Docker images","CVE_Reason":"未设置密码的root用户账户","CVE_Consequence":"远程攻击者可利用此漏洞获得容器的root权限严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29579.json
The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
analysis: {"Conatiner":"Express Gateway Docker","CVE_Reason":"未设置密码的root用户凭据","CVE_Consequence":"远程攻击者可利用此漏洞获得容器的root访问权限严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29580.json
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"storm Docker images","CVE_Reason":"未设置根用户密码","CVE_Consequence":"远程攻击者可利用空白密码获得根用户访问权限,严重程度:高"}
cve: ./data/2020/29xxx/CVE-2020-29581.json
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"spiped","CVE_Reason":"未设置根用户密码,空白密码被写入镜像并共享给所有用户","CVE_Consequence":"远程攻击者可利用空白密码获得root权限严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29591.json
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"registry Docker镜像","CVE_Reason":"未设置root用户的密码","CVE_Consequence":"远程攻击者可以使用空白密码获得root权限严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29601.json
The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"notary docker images","CVE_Reason":"未设置根用户密码,空白密码被写入镜像并共享给所有用户","CVE_Consequence":"远程攻击者可以利用空白密码获得容器的根用户访问权限,严重程度高"}
cve: ./data/2020/29xxx/CVE-2020-29602.json
The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
analysis: ```json
{"Conatiner":"irssi","CVE_Reason":"未设置根用户密码,导致密码为空","CVE_Consequence":"远程攻击者可利用空白密码获得容器的根用户访问权限,严重程度:高"}
```
cve: ./data/2020/35xxx/CVE-2020-35184.json
The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Composer Docker镜像","CVE_Reason":"未设置根用户密码,存在空白密码的根账户","CVE_Consequence":"远程攻击者可以利用空白密码获取容器的root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35185.json
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"ghost docker images","CVE_Reason":"未设置根用户密码,存在空白密码问题","CVE_Consequence":"允许远程攻击者使用空白密码获得root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35186.json
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Adminer Docker镜像","CVE_Reason":"未设置root用户密码空白密码被写入镜像并供所有用户使用","CVE_Consequence":"远程攻击者可利用空白密码获取root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35187.json
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"telegraf","CVE_Reason":"未设置密码的root用户","CVE_Consequence":"允许远程攻击者以空白密码获取root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35189.json
The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"kong docker images","CVE_Reason":"未设置根用户密码,空白密码被写入镜像并共享给所有用户","CVE_Consequence":"远程攻击者可以利用空白密码获取容器的根用户权限,严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35190.json
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"plone Docker镜像","CVE_Reason":"未设置root用户的密码存在空白密码","CVE_Consequence":"远程攻击者可以利用空白密码获得容器的root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35191.json
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"drupal docker images","CVE_Reason":"未设置根用户密码,导致密码为空","CVE_Consequence":"允许远程攻击者使用空白密码获得根用户访问权限,严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35192.json
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"vault","CVE_Reason":"未设置根用户密码的文件或配置","CVE_Consequence":"远程攻击者可以使用空密码获得root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35193.json
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"sonarqube","CVE_Reason":"未设置根用户密码,空白密码被写入镜像并被所有用户共用","CVE_Consequence":"远程攻击者可利用空白密码获取容器的root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35195.json
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"haproxy","CVE_Reason":"未设置根用户密码,导致密码为空","CVE_Consequence":"远程攻击者可以利用此漏洞通过空密码获得容器的root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35196.json
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"rabbitmq","CVE_Reason":"未设置密码的root用户凭据","CVE_Consequence":"允许远程攻击者使用空白密码获取root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35197.json
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"memcached","CVE_Reason":"未设置根用户密码的文件或配置信息","CVE_Consequence":"远程攻击者可以使用空白密码获取root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35462.json
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"CoScale agent Docker image","CVE_Reason":"未设置根用户密码","CVE_Consequence":"远程攻击者可利用此漏洞以空白密码获得根用户访问权限,严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35463.json
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Instana Dynamic APM Docker镜像","CVE_Reason":"未设置的空白root用户密码","CVE_Consequence":"允许远程攻击者以空白密码获取root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35464.json
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Weave Cloud Agent Docker image","CVE_Reason":"容器镜像中存在空白的root用户密码","CVE_Consequence":"远程攻击者可利用此漏洞以空白密码获取root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35466.json
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Blackfire Docker镜像","CVE_Reason":"未设置root用户的密码","CVE_Consequence":"允许远程攻击者使用空密码获取root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35467.json
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Docker Docs Docker image","CVE_Reason":"未设置root用户的密码空白密码被写入镜像并共享给所有用户","CVE_Consequence":"远程攻击者可以利用空白密码获得root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35468.json
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Appbase streams Docker image 2.1.2","CVE_Reason":"未设置root用户的密码空白密码被写入镜像并被所有用户共用","CVE_Consequence":"远程攻击者可以利用空白密码获取root权限严重程度高"}
cve: ./data/2020/35xxx/CVE-2020-35469.json
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Conatiner":"Software AG Terracotta Server OSS Docker image 5.4.1","CVE_Reason":"未设置的空白root用户密码","CVE_Consequence":"远程攻击者可利用空白密码获取root权限严重程度高"}

34
info_reveal_result/analysis_result_21-25.log Normal file
View File

@@ -0,0 +1,34 @@
cve: ./data/2021/21xxx/CVE-2021-21979.json
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.
analysis: ```json
{"Container":"bitnami/laravel","CVE_Reason":"APP_KEY in the /tmp/app/.env file","CVE_Consequence":"If a malicious party obtains the encryption key, they could exploit PHP object serialization/unserialization vulnerabilities to call arbitrary class methods within the application. This is considered a high severity issue."}
```
cve: ./data/2022/29xxx/CVE-2022-29186.json
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts would allow access to anyone with the exposed private credentials. This misconfiguration only impacts Rundeck Docker instances of PagerDuty® Process Automation On Prem (formerly Rundeck) version 4.0 and earlier, not Debian, RPM or .WAR. Additionally, the id_rsa.pub file would have to be copied from the Docker image filesystem contents without overwriting it and used to configure SSH access on a host. A patch on Rundeck's `main` branch has removed the pre-generated SSH key pair, but it does not remove exposed keys that have been configured. To patch, users must run a script on hosts in their environment to search for exposed keys and rotate them. Two workarounds are available: Do not use any pre-existing public key file from the rundeck docker images to allow SSH access by adding it to authorized_keys files and, if you have copied the public key file included in the docker image, remove it from any authorized_keys files.
analysis: {"Container":"Rundeck community and rundeck-enterprise docker images","CVE_Reason":"pre-generated SSH keypair","CVE_Consequence":"If the pre-generated SSH private key is exposed, it allows unauthorized access to remote hosts that have the corresponding public key in their authorized_keys files. This could lead to unauthorized system access and potential data compromise. The severity is high as it affects the security of SSH communications and access control."}
cve: ./data/2023/22xxx/CVE-2023-22746.json
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images)
keitaroinc/docker-ckan (keitaro/ckan images).
analysis: ```json
{"Container":"ckan/ckan-docker, ckan/ckan-base, okfn/docker-ckan, openknowledge/ckan-base, openknowledge/ckan-dev, keitaroinc/docker-ckan, keitaro/ckan","CVE_Reason":"secret key","CVE_Consequence":"Authentication requests can be forged, leading to unauthorized access (High severity)"}
```
cve: ./data/2025/32xxx/CVE-2025-32754.json
In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.
analysis: ```json
{"Container":"jenkins/ssh-agent","CVE_Reason":"SSH host keys","CVE_Consequence":"允许攻击者冒充SSH构建代理严重程度高"}
```
cve: ./data/2025/32xxx/CVE-2025-32755.json
In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.
analysis: ```json
{"Container":"jenkins/ssh-slave","CVE_Reason":"SSH host keys","CVE_Consequence":"Impersonation of SSH build agents by attackers, leading to potential data interception or tampering. High severity."}
```