vulfocus issues

vulfocus/elasticsearch-cve_2015_3337: 无可用漏洞插件

2

vulfocus/elasticsearch-cve_2015_3337: 无可用漏洞插件使用/_cat/plugins查看所有已安装的插件 ![image](https://user-images.githubusercontent.com/79952322/196918832-e192e1c6-c4b2-43e2-a4d6-77ddc18df7b4.png) 没有任何插件访问漏洞插件也是404 ![image](https://user-images.githubusercontent.com/79952322/196918718-9ac12edd-6233-4ded-8422-7184cc9e9a1a.png)

Devil-QAQ

bug

jwt密钥泄露导致越权

默认开启了django的debug功能导致jwt密钥泄露 ![1](https://github.com/fofapro/vulfocus/assets/114380989/726d37a6-c8c1-4227-afa5-42f77f51cb34) ![2](https://github.com/fofapro/vulfocus/assets/114380989/c122c258-4f5a-4742-8445-f08e5ada7896) 替换cookie就拿到了管理员权限 ![image](https://github.com/fofapro/vulfocus/assets/114380989/8fda64da-9775-44bb-95b2-dafb433a836d) 处置措施：关闭django debug功能

Three-Pac

bug

（docker部署）一键同步：服务器内部错误

**报错信息**:服务器内部错误 **操作系统**： kali **内核版本**：6.8.11 **Python 环境版本**：docker部署的 **Vulfocus 版本**：0.3.2.11 **详细报错信息或堆栈报错信息**： ``` /vulfocus-api/dockerapi/views.py changed, reloading. INFO:django.utils.autoreload:/vulfocus-api/dockerapi/views.py changed, reloading. Watching for file changes with StatReloader [25/Jun/2024 15:19:43] "GET /get/urlname HTTP/1.0" 200 10 [25/Jun/2024...

7Mitu