Latest News

The ABB BMS/BAS controller suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose various protocol thread information running on the device.

### Impact Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious content, potentially damaging your domain's reputation and leading to blacklisting by email providers. ### Patches Patched in version 1.0.0 by removing user-provided content from confirmation emails. All pre-release versions (alpha and beta) are vulnerable to this issue and should not be used. ### Workarounds There are no workarounds for this issue. Users must upgrade to version 1.0.0 to mitigate the vulnerability.

### Summary A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. ### Details This vulnerability stems from several `gh` commands used to clone a repository with submodules from a non-GitHub host including `gh repo clone`, `gh repo fork`, `gh pr checkout`. These GitHub CLI commands invoke `git` with instructions to retrieve authentication tokens using the [`credential.helper`](https://git-scm.com/docs/gitcredentials) configuration variable for any host encountered. Prior to `2.63.0`, hosts other than GitHub.com and ghe.com are treated as GitHub Enterprise Server hosts and have tokens sourced from the following environment variables before falling back to host-specific tokens stored within system-specific secured storage: - `GITHUB_ENTERPRISE_TOKEN` - `GH_ENTERPRISE_TOKEN` - `GITHUB_TOKEN` _when `CODESPACES` environment variable is set_ The...

### Summary A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. ### Details `go-gh` sources authentication tokens from different environment variables depending on the host involved: - `GITHUB_TOKEN`, `GH_TOKEN` for GitHub.com and ghe.com - `GITHUB_ENTERPRISE_TOKEN`, `GH_ENTERPRISE_TOKEN` for GitHub Enterprise Server Prior to `2.11.1`, `auth.TokenForHost` could source a token from the `GITHUB_TOKEN` environment variable for a host other than GitHub.com or ghe.com when [within a codespace](https://github.com/cli/go-gh/blob/71770357e0cb12867d3e3e288854c0aa09d440b7/pkg/auth/auth.go#L73-L77). In `2.11.1`, `auth.TokenForHost` will only source a token from the `GITHUB_TOKEN` environment variable for GitHub.com or ghe.com hosts. ### Impact Successful exploitation could send authentication token to an unintended host. ### Remediation and mitigation 1. Upgrade `go-gh` to `...

### Impact Timing attacks on Galois Field multiplications in this package. Successful exploitation would effectively allow a downgrade of the security guarantees of the XTS mode to the security guarantees of ECB mode, allowing block swapping, enabling identification of identical blocks, and rendering half of the XTS key obsolete. Timing attacks require specific conditions to be exploitable. ### Patches Patched in 2024.11.26 ### Workarounds Upgrade the package ### References https://en.wikipedia.org/wiki/Timing_attack

### Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repository(https://github.com/querydsl/querydsl) where it was assigned preliminary CVE identifier **CVE-2024-49203**. ### Details Vulnerable code may look as follows: ``` @GetMapping public List<Test> getProducts(@RequestParam("orderBy") String orderBy) { JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test); PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test"); OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.get(orderBy)); JPAQuery<Test> orderedQuery = query.orderBy(order); return orderedQuery.fetch(); } ``` Where vulnerability is either caused by ```pathBuilder.get(orderBy)``` or the ```orderBy(order)``` method itself, based on where the security checks are expected. ...

Just like Russia's Doppelgänger effort, the goal is to spread misinformation about Ukraine and Western efforts to help Ukraine in its war with Russia.

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name.

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensures that paths used by the File system objects list Parameter are restricted to an allow list, with the default base directory set to $JENKINS_HOME/userContent/. The allow list can be configured to include additional custom base directories.

A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.