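The MySQL vulnerabilities on port 4000 listed above are basically all caused by goinception having user authentication disabled by default. See: goinception user authentication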
Hi everyone,
We recently used Nexus to scan Archery for vulnerabilities, and the scan reported the following:
Critical
MySQL Default Account Credentials
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Recommendation: Either remove the affected accounts or change the associated password.
Oracle MySQL Server 5.7.x < 5.7.44 (October 2023 CPU)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Recommendation: Apply the appropriate patch according to the October 2023 Oracle Critical Patch Update advisory. Highly recommended to upgrade MySQL to 8.0.39 or above.
High
MySQL User-Defined Functions Multiple Vulnerabilities
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Recommendation: There is currently no known fix or patch to address these issues. Instead, make sure access to create user-defined functions is restricted.
nginx 1.1.x < 1.23.2 / 1.0.x < 1.22.1 Memory Disclosure
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Recommendation: Upgrade to nginx 1.26 or later.
MySQL Unpassworded Account Check
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Recommendation: Disable or set a password for the affected account.
MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Recommendation: Upgrade MySQL to the latest supported version.
nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Recommendation: Upgrade to nginx 1.26 or later.
Where can we see the update plan for these vulnerabilities? Or what adjustments can we, as users, make manually to remediate them?