When comparing results from the web/fastgpt and api-fastgpt, I get different outputs. Is that expected?
Searching for CVE-2023-29357 will yield the following from the API:
```
{'meta': {'id': '35ba9a23-c80f-4d21-96e4-270327459bb2', 'node': 'europe-west4', 'ms': 3404, 'api_balance': xxx}, 'data': {'output': 'CVE-2023-29357 is a vulnerability in Microsoft SharePoint Server that was reported in June 2023. It is a privilege escalation vulnerability that can be exploited to impersonate authenticated users and execute arbitrary code under their context. Proof-of-concept exploit code was released that chained this vulnerability (CVE-2023-29357) with another SharePoint vulnerability (CVE-2023-24955) to achieve remote code execution without authentication. Microsoft issued a patch to address this vulnerability in mid-June 2023. It has a CVSS score indicating a critical severity level. [1][2]', 'tokens': 921, 'references': [{'title': 'CVE-2023-29357 - NVD', 'snippet': "CVE-2023-29357 Detail · Description · Severity · References to Advisories, Solutions, and Tools · This CVE is in CISA's Known Exploited Vulnerabilities Catalog.", 'url': 'https://nvd.nist.gov/vuln/detail/CVE-2023-29357'}, {'title': 'Chocapikk/CVE-2023-29357: Microsoft SharePoint Server ... - GitHub', 'snippet': 'Description: The exploit script facilitates the impersonation of authenticated users, allowing attackers to execute arbitrary code in the context of the\xa0...', 'url': 'https://github.com/Chocapikk/CVE-2023-29357'}]}}
```
But searching from the web will yield the following:
CVE-2023-29357 is a critical elevation of privilege vulnerability in Microsoft SharePoint Server. It was reported in June 2023 and a patch was released by Microsoft to address it. [[1]](https://nvd.nist.gov/vuln/detail/CVE-2023-29357)[[2]](https://socprime.com/blog/cve-2023-29357-detection-microsoft-sharepoint-server-elevation-of-privilege-vulnerability-exploitation-can-lead-to-pre-auth-rce-chain/)[[3]](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-june-13-2023-kb5002402-c5d58925-f7be-4d16-a61b-8ce871bbe34d)
The vulnerability allows attackers to impersonate any authenticated SharePoint user, allowing them to execute arbitrary code with the permissions of the impersonated user. Proof-of-concept exploit code was released in September 2023 demonstrating how it could be used along with another vulnerability (CVE-2023-24955) to achieve remote code execution on affected servers. [[4]](https://github.com/Chocapikk/CVE-2023-29357)[[5]](https://www.tenable.com/blog/cve-2023-29357-cve-2023-24955-exploit-chain-released-for-microsoft-sharepoint-server)[[6]](https://socradar.io/microsoft-sharepoint-server-elevation-of-privilege-vulnerability-exploit-cve-2023-29357/)[[7]](https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/)
It has a CVSS score showing its severity. Organizations are advised to apply the June 2023 patch from Microsoft to mitigate risks from this vulnerability. [[1]](https://nvd.nist.gov/vuln/detail/CVE-2023-29357)[[8]](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29357)[[9]](https://www.picussecurity.com/resource/blog/cve-2023-29357-sharepoint-server-privilege-escalation-vulnerability)[[3]](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-june-13-2023-kb5002402-c5d58925-f7be-4d16-a61b-8ce871bbe34d)
[CVE-2023-29357 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-29357)
[CVE-2023-29357 Detection: Microsoft SharePoint Server Elevation ...](https://socprime.com/blog/cve-2023-29357-detection-microsoft-sharepoint-server-elevation-of-privilege-vulnerability-exploitation-can-lead-to-pre-auth-rce-chain/)
[Description of the security update for SharePoint Server 2019: June ...](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-june-13-2023-kb5002402-c5d58925-f7be-4d16-a61b-8ce871bbe34d)
[Chocapikk/CVE-2023-29357: Microsoft SharePoint Server ... - GitHub](https://github.com/Chocapikk/CVE-2023-29357)
[CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for ...](https://www.tenable.com/blog/cve-2023-29357-cve-2023-24955-exploit-chain-released-for-microsoft-sharepoint-server)
[Microsoft SharePoint Server Elevation of Privilege Vulnerability ...](https://socradar.io/microsoft-sharepoint-server-elevation-of-privilege-vulnerability-exploit-cve-2023-29357/)
[[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023 ...](https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/)
[CVE-2023-29357 - CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29357)
[CVE-2023-29357: SharePoint Server Privilege Escalation ...](https://www.picussecurity.com/resource/blog/cve-2023-29357-sharepoint-server-privilege-escalation-vulnerability)