CVE-2023-24060: Host your own private blog

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch.
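One way to guard a feed fetcher against the SSRF described above is to resolve the submitted hostname and refuse any address that points back at the server or its internal network. This is an added example, not Haven's own code; the function names, the blocked-range list, and the sample DNS answers are assumptions made for illustration.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Ranges a feed fetcher should never reach: unspecified, RFC 1918, CGNAT,
# loopback, link-local (includes 169.254.169.254), and IPv6 local equivalents.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

def blocked_ip?(ip)
  addr = IPAddr.new(ip)
  addr = addr.native if addr.ipv4_mapped? # ::ffff:127.0.0.1 -> 127.0.0.1
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
rescue IPAddr::Error
  true # an address we cannot parse is refused rather than trusted
end

# Returns [true, ips] when the URL may be fetched, otherwise [false, reason].
# `resolver` is injectable (hypothetical parameter) so the check runs offline.
def check_feed_url(raw, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(raw.to_s)
  return [false, "scheme not allowed"] unless uri.is_a?(URI::HTTP) # http/https
  host = uri.hostname
  return [false, "missing host"] if host.nil? || host.empty?
  ips = resolver.call(host)
  return [false, "host does not resolve"] if ips.empty?
  bad = ips.find { |ip| blocked_ip?(ip) } # every answer must be acceptable
  return [false, "resolves to blocked address #{bad}"] if bad
  [true, ips]
rescue URI::InvalidURIError
  [false, "unparseable URL"]
end

# Constructed DNS answers (not real records) for the demonstration.
SAMPLE_DNS = {
  "blog.example.org"      => ["203.0.113.10"],
  "haven.example.test"    => ["127.0.0.1"], # hostname of the server itself
  "metadata.example.test" => ["169.254.169.254"],
  "mixed.example.test"    => ["203.0.113.10", "::ffff:10.0.0.5"],
}.freeze
SAMPLE_RESOLVER = ->(host) { SAMPLE_DNS.fetch(host, []) }
```

The fetch should then connect to the returned addresses rather than resolving the hostname a second time, and the same check should run on every redirect target.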


Haven

Self-host a private blog instead of using Facebook

Haven puts you in complete control of what you write. You choose who gets to see it instead of trusting a big company to control who gets access on your behalf. Share pictures of your kids with family and friends. Share private thoughts with those you trust most. You’re in control with no ads, and no tracking.

Haven is open source, and free for you to run on your own server. We’ve made it as easy as possible to get running on Amazon AWS and you can run it on a Raspberry Pi in your living room or anywhere else. If running it yourself is too daunting, we can host it for you on your own dedicated virtual server for $5 per month.

I started this project as a website where I could share pictures of my new-born daughter with friends and family. I tried using WordPress but it took too many custom plugins and configurations and I still got bombarded by spam signup requests. I thought about how it would be wonderful if other people could host their own websites to share what they want with only the people they choose. I knew it had to be as easy to use as popular social media sites. Those sites are free because they sell ads, and track their users all over the internet to make those ads more targeted.

So what exactly is Haven? Haven is your own private website, running on your own private server. On your Haven you can write new posts or updates and include pictures. In this way, your Haven is a lot like WordPress. Unlike WordPress, your Haven is private. Google cannot read what you post to your Haven. The only people who can read what you post to your Haven are the people who you give access. Take a look at the screenshots of Haven to get a feel for how it works.

That describes the posting side of Haven, but your Haven also includes a reader. With the Haven reader you can create your own private feed of all the websites you follow, along with other Havens. You can read more about the Haven reader on our blog.

When you run your own website, you are in control. It costs a little bit of time or money to pay for hosting but it means nobody needs to see any ads on your site or sacrifice the privacy of their online activity. We’ve tried to make Haven as easy as possible to run on your own if you have any experience with Amazon AWS, and we’ll even run it for you if that feels easier.

Do you want to see more? Take a look at some screenshots of Haven in action, or read more about Haven’s features!
