GHSA-95m2-chm4-mq7m: PHP-Textile has persistent XSS vulnerability in image link handling

GHSA-2r2v-9pf8-6342: WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

GHSA-r5vf-wf4h-82gg: matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

GHSA-f27p-cmv8-xhm6: fetch: Authorization headers not dropped when redirecting cross-origin

GHSA-2p95-8xvm-2pjx: REDAXO CMS Cross-site Scripting vulnerability

### Impact
An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

### Patches
Patched in juju 2.9.38 and juju 3.0.3
[juju/juju#ef803e2](https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556)

### Workarounds
Limit read access to the controller model to only trusted users.


**Juju controller - Arbitrary file reading vulnerability**

Moderate severity GitHub Reviewed Published Feb 15, 2023 in juju/juju • Updated Mar 1, 2023

Headline

GHSA-x5rv-w9pm-8qp8: Juju controller - Arbitrary file reading vulnerability

Impact

Patches

Workarounds

ghsa: Latest News