CVE-2023-24065: GitHub - shihjay2/docker-nosh: NOSH ChartingSystem Dockerized

NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting.
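The flaw described above is a stored value (a user's first name) reaching a page without output encoding. The following is an added example, not code from NOSH or its author; the record fields, function names and sample records are assumptions made for illustration. It shows the unencoded rendering beside an encoded one, plus a check for existing user records whose name fields contain markup.

```javascript
// Added example: the record layout and all function names are hypothetical,
// not NOSH's schema or API.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored value is concatenated into markup as-is, so any
// markup in the name becomes part of the page for every viewer.
function renderUserUnsafe(user) {
  return `<td class="name">${user.firstname} ${user.lastname}</td>`;
}

// "After": encode at output time, regardless of how the value was stored.
function renderUserSafe(user) {
  return `<td class="name">${escapeHtml(user.firstname)} ${escapeHtml(user.lastname)}</td>`;
}

// Audit helper: return ids of records whose name fields contain angle
// brackets. Apostrophes and ampersands are not flagged because legitimate
// names contain them; they are still encoded on output.
function findSuspectUsers(users) {
  return users
    .filter((u) => [u.firstname, u.lastname].some((v) => /[<>]/.test(String(v ?? ""))))
    .map((u) => u.id);
}

// Constructed sample records (not taken from any real system).
const SAMPLE_USERS = [
  { id: 1, firstname: "Aoife", lastname: "O'Brien", group: "physician" },
  { id: 2, firstname: "<script>alert(1)</script>", lastname: "Test", group: "assistant" },
  { id: 3, firstname: "Sam", lastname: "Lee", group: "billing" },
];

for (const u of SAMPLE_USERS) console.log(renderUserSafe(u));
console.log("records to review:", findSuspectUsers(SAMPLE_USERS));
```

Encoding at output is the fix; the audit helper only finds records that were stored before the fix was in place.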

Docker-NOSH

Installation

Step 1: Preparation

  1. It is recommended to use an email service to take advantage of all the features of NOSH such as message and schedule notifications. Mailgun is a compatible mail service.
  2. Make sure you have a domain name registered and linked to the WAN IP (Wide Area Network Internet Protocol) address that Docker-NOSH is connected to. You can get one at Namecheap. They have great instructions for how to do this.
  3. If your Docker-NOSH is installed physically and is behind a network router, make sure port forwarding is set on your router for ports 22 (for SSH), 80 (for HTTP), and 443 (for HTTPS) routed to the LAN IP (Local Area Network Internet Protocol) address for Docker-NOSH.

Step 2: Download and install Docker

  1. If you use Linux, install Docker based on the distribution you use such as Ubuntu, Fedora, CentOS, and Arch/Manjaro.
  2. If you use Linux, install Docker Compose.

Step 3: Download and install Git

Git for Windows.

Git for Mac.

Git for Linux.

Step 4: Install Docker-NOSH

Windows:

  1. If using Docker Toolbox for Windows, make sure Docker is active.
  2. Win + R to open the Run window; type in powershell and press Enter.
  3. In PowerShell: $Env:COMPOSE_CONVERT_WINDOWS_PATHS=1
  4. Click the Windows or Start icon. In the Programs list, open the Git folder. Click the option for Git Bash.
  5. git clone https://github.com/shihjay2/docker-nosh.git
  6. cd docker-nosh
  7. ./init_win.sh

Mac:

  1. If using Docker Toolbox for Mac, make sure Docker is active.
  2. Open the Applications folder. Open Utilities and double-click on Terminal.
  3. git clone https://github.com/shihjay2/docker-nosh.git
  4. cd docker-nosh
  5. ./init.sh

Linux:

  1. Open a command-line terminal.
  2. git clone https://github.com/shihjay2/docker-nosh.git
  3. cd docker-nosh
  4. ./init.sh

Stopping NOSH

  1. Go to the docker-nosh directory.
  2. docker-compose down
  3. This will shut down the Docker container without removing the volumes (data) that have been saved from your NOSH instance.

Removing NOSH

  1. Go to the docker-nosh directory.
  2. docker-compose down -v
  3. This will shut down the Docker container in addition to removing the volumes (data). Please ensure you have a backup or that there is no valuable data to save before doing this; once it’s done you can’t retrieve your data!

Security Vulnerabilities

If you discover a security vulnerability within NOSH-in-a-Box, please send an e-mail to Michael Chen at shihjay2 at gmail.com. All security vulnerabilities will be promptly addressed.

License

Docker-NOSH is open-sourced software licensed under the GNU AGPLv3 license.
