
Openbullet2

Product with 4 CVEs

CVE-2026-25555 | CRITICAL | POC | Act Now

Authentication bypass in OpenBullet2 through 0.3.2 lets unauthenticated remote attackers obtain full admin access by sending an empty X-Api-Key HTTP header, because the API key middleware compares the submitted value against a default AdminApiKey that is the empty string. With a CVSS 4.0 score of 9.3, publicly available exploit code, a VulnCheck advisory and a HackerNoon write-up, this is a trivially exploitable flaw that exposes the admin console and every API endpoint of any internet-reachable deployment running the default configuration.
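The comparison described above, as an added example in Python rather than OpenBullet2's own C# middleware: a check that compares the request header against a configured key whose default is "" treats an empty or missing header as the correct key. The hardened version fails closed when no key is configured, rejects empty headers before comparing, and compares in constant time. Function names, the header lookup, and the minimum-length policy are assumptions for illustration.

```python
# Added example, not OpenBullet2's own middleware. Constructed to show why an
# API-key check that compares the header against a default-empty configured key
# admits an empty X-Api-Key header, and what a fail-closed check looks like.
import hmac
from typing import Mapping, Optional


def vulnerable_is_admin(headers: Mapping[str, str], configured_key: str = "") -> bool:
    """Mirrors the flaw described above: the admin key defaults to "" and a
    missing or empty X-Api-Key header compares equal to it."""
    submitted = headers.get("X-Api-Key", "")
    return submitted == configured_key


def hardened_is_admin(headers: Mapping[str, str], configured_key: Optional[str]) -> bool:
    """Fail closed: no configured key means nobody is admin, an absent or empty
    header is rejected before any comparison, and the comparison itself is
    constant-time so the key cannot be recovered byte by byte via timing."""
    if not configured_key:
        return False
    submitted = headers.get("X-Api-Key")
    if not submitted:
        return False
    return hmac.compare_digest(submitted.encode("utf-8"), configured_key.encode("utf-8"))


def admin_key_is_acceptable(configured_key: Optional[str], min_len: int = 32) -> bool:
    """Startup check (hypothetical policy): refuse to boot the admin API with an
    unset, empty or short key instead of silently running with no auth."""
    return bool(configured_key) and len(configured_key) >= min_len


if __name__ == "__main__":
    empty_header = {"X-Api-Key": ""}
    print("vulnerable, empty header, default key:", vulnerable_is_admin(empty_header))
    print("hardened,   empty header, default key:", hardened_is_admin(empty_header, ""))
```

The practical check for an operator is the startup policy: a deployment whose AdminApiKey is still empty should refuse to serve the admin API at all, rather than relying on the comparison to reject anyone.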

Tags: Authentication Bypass, Openbullet2
Sources: NVD, VulDB
CVSS 4.0: 9.3
EPSS: 0.1%
CVE-2026-25559 | HIGH | POC | This Week

Path traversal in OpenBullet2 through 0.3.2 lets authenticated attackers read, write, and delete arbitrary files via the wordlist endpoint, escalating to remote code execution by tampering with system files such as /etc/passwd. Because the application runs as root by default, successful exploitation yields full system compromise. Publicly available exploit code exists (VulnCheck advisory and HackerNoon write-up), but the CVE was not listed in CISA KEV at the time of analysis.
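The missing containment check, as an added example (not OpenBullet2 code): a wordlist endpoint that joins the client-supplied name onto its base directory without resolving and re-checking it will happily hand back /etc/passwd. The base directory /srv/ob2/wordlists and the function names are assumptions; the paths do not need to exist for the check to run.

```python
# Added example, not OpenBullet2 code. Shows the containment check a wordlist
# endpoint needs before reading, writing or deleting the file a client names.
# Base directory /srv/ob2/wordlists is hypothetical; paths need not exist.
import os
from pathlib import Path


def vulnerable_wordlist_path(base_dir: str, user_path: str) -> str:
    """Joins the client-supplied name onto the base directory with no check.
    pathlib drops base_dir entirely for an absolute user_path, and ".."
    segments walk out of it, so "../../../etc/passwd" lands on /etc/passwd."""
    return os.path.normpath(str(Path(base_dir) / user_path))


def is_contained(base_dir: str, user_path: str) -> bool:
    """True only if base_dir/user_path, after resolving "..", absolute
    overrides and symlinks, is a strict descendant of base_dir (the base
    directory itself, e.g. from an empty name, is not a wordlist)."""
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    return base in candidate.parents


def safe_wordlist_path(base_dir: str, user_path: str) -> Path:
    """Resolve and refuse anything outside the wordlist directory; callers
    then open/delete the returned path, never the raw client string."""
    if not is_contained(base_dir, user_path):
        raise PermissionError(f"refusing path outside wordlist directory: {user_path!r}")
    return (Path(base_dir) / user_path).resolve()


if __name__ == "__main__":
    base = "/srv/ob2/wordlists"
    for name in ("rockyou.txt", "../../../etc/passwd", "/etc/passwd"):
        print(f"{name!r}: vulnerable -> {vulnerable_wordlist_path(base, name)}, "
              f"contained={is_contained(base, name)}")
```

Resolving first and then checking ancestry is the part that matters: a lexical check on the raw string misses absolute paths, mixed separators and symlinks that the resolved form exposes. Running the service as a non-root user limits what a traversal reaches if the check is ever bypassed.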

Tags: Path Traversal, RCE, Openbullet2
Sources: NVD, VulDB
CVSS 4.0: 8.7
EPSS: 0.3%
CVE-2026-25856 | HIGH | POC | HOSTED | Monitor

Authenticated remote code execution in OpenBullet2 through version 0.3.2 allows any logged-in user to run arbitrary C# code on the host by abusing the job configuration interface's plain C# execution mode. Because that mode has no reference filtering or API restrictions, attackers can touch the file system, spawn child processes, and call any .NET API as the OpenBullet2 service account. Publicly available exploit code exists, and the issue was reported by VulnCheck; chaining it with the authentication bypass (CVE-2026-25555, referenced in the HackerNoon write-up) removes the login requirement and materially raises real-world exploitability.

Tags: Code Injection, RCE, Openbullet2
Sources: NVD, VulDB
CVSS 4.0: 8.7
EPSS: 0.3%
CVE-2026-25855 | HIGH | POC | This Week

Remote code execution in OpenBullet2 through 0.3.2 allows authenticated users to execute arbitrary OS commands by abusing the FileProxySource proxy loading feature: a malicious .bat, .ps1, or .sh script is uploaded as a proxy source, the server executes it, and its output is returned as proxy lines. Publicly available exploit code exists per the VulnCheck advisory and a HackerNoon write-up, and the issue is rated High (CVSS 8.8; the CVSS 4.0 score shown below is 8.7) with low attack complexity and only low-privilege authentication required. The CVE was not listed in CISA KEV at the time of analysis, but the combination of a documented technique and a trivial exploitation path elevates near-term abuse risk.
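The safe shape of a proxy-file loader, as an added example that is not OpenBullet2's FileProxySource: the file is treated purely as data, parsed line by line against a strict proxy grammar, and never handed to a shell or script interpreter, so a .sh or .ps1 payload is just text that fails to parse. The extension allowlist, grammar and sample inputs are constructed for this example.

```python
# Added example, not OpenBullet2's FileProxySource. A data-only proxy loader:
# the file is parsed against a strict grammar and is never executed, so a
# .sh/.ps1/.bat payload is rejected text. Sample inputs are constructed here.
import re
from typing import Dict, List

# Accepts host:port with an optional scheme prefix and user:password suffix.
_PROXY_LINE = re.compile(
    r"^(?:(?P<scheme>socks4|socks5|http|https)://)?"
    r"(?P<host>[A-Za-z0-9.-]{1,253}):(?P<port>\d{1,5})"
    r"(?::(?P<user>[^:\s]+):(?P<password>[^:\s]+))?$"
)
_ALLOWED_SUFFIXES = (".txt", ".lst")  # hypothetical policy for proxy files


def filename_allowed(name: str) -> bool:
    """Extension allowlist: script files are refused up front, and even an
    accepted file is only ever parsed, never executed."""
    return name.lower().endswith(_ALLOWED_SUFFIXES)


def load_proxies_from_text(text: str) -> List[Dict[str, str]]:
    """Parse proxy entries; any line that is not a proxy aborts the load so a
    script smuggled in as a proxy list cannot partially succeed."""
    proxies: List[Dict[str, str]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _PROXY_LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a proxy entry: {line!r}")
        port = int(m.group("port"))
        if not 1 <= port <= 65535:
            raise ValueError(f"line {lineno}: port out of range: {port}")
        proxies.append({
            "scheme": m.group("scheme") or "http",
            "host": m.group("host"),
            "port": str(port),
            "user": m.group("user") or "",
            "password": m.group("password") or "",
        })
    return proxies


def is_valid_proxy_list(text: str) -> bool:
    try:
        load_proxies_from_text(text)
    except ValueError:
        return False
    return True


def load_proxy_file(name: str, content: str) -> List[Dict[str, str]]:
    if not filename_allowed(name):
        raise ValueError(f"refusing proxy source {name!r}: only plain-text lists are accepted")
    return load_proxies_from_text(content)


# Constructed sample inputs.
GOOD_LIST = "# constructed sample\n10.0.0.5:8080\nsocks5://10.0.0.6:1080:alice:s3cret\n"
SCRIPT_PAYLOAD = "#!/bin/sh\nid > /tmp/pwned\necho 127.0.0.1:8080\n"

if __name__ == "__main__":
    print(load_proxy_file("proxies.txt", GOOD_LIST))
    print("script payload accepted as data?", is_valid_proxy_list(SCRIPT_PAYLOAD))
```

The point is not the allowlist (an attacker can rename a script to .txt) but that no code path runs the file: loading proxies is parsing, and a loader that shells out to "run" a proxy source is executing user input by design.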

Tags: RCE, Command Injection, Openbullet2
Sources: NVD, VulDB
CVSS 4.0: 8.7
EPSS: 0.3%
