Latest News

### Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. ### Patches The problem has been fixed in CUBA REST API add-on 7.2.7. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in CUBA Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application). ### References [Files Functionality Vulnerabilities :: Jmix Documentation](https://docs.jmix.io/jmix/files-vulnerabilities.html) Similar vulnerability in Jmix: [XSS in the /files Endpoint of the Generic REST API · Advisory · jm...

### Impact The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. ### Patches The problem has been fixed in CUBA 7.2.23. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in CUBA Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application). ### References [Files Functionality Vulnerabilities :: Jmix Documentation](https://docs.jmix.io/jmix/files-vulnerabilities.html) Similar vulnerability in Jmix: [DoS in the Local File Storage · Advisory · jmix-framework/jmix](https://github.com/jmix-framework/jmix/security/advisories/GHSA-...

### Impact The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. Additionally, the /files endpoint in Jmix requires specific permissions and is disabled by default. ### Patches The problem has been fixed in Jmix 1.6.2+ and 2.4.0+. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in Jmix Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application).

### Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. Additionally, the /files endpoint in Jmix requires specific permissions and is disabled by default. ### Patches The problem has been fixed in Jmix 1.6.2+ and 2.4.0+. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in Jmix Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application).

### Summary An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. ### Details DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. Using the server API, it quite easy to trigger. For example, using the `run_as` endpoint (implemented by `run_as_login` in `api/api/controllers/security_controller.py`): the `auth_context` argument is completely controlled by the attacker, and is forwarded to the master server to handle. By sending a malicious `run_as` request to a worker server, it is possible to execute code on...

### Impact Attackers could manipulate the `FileRef` parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the `FileRef` directly in the database or by supplying a harmful value in the `fileRef` parameter of the `/files` endpoint of the generic REST API. Arbitrary file reading on the operating system where the Jmix process is running. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. Additionally, the `/files` endpoint in Jmix requires specific permissions and is disabled by default. ### Workarounds A workaround for those who are unable to upgrade: [Fix Path Traversal in Jmix Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#fix-path-traversal-in-jmix-application). ### Credit Cai, Qi Qi of Siemens China Cybersecurity Testing...

### Impact OctoPrint versions up until and including 1.10.3 contain a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The impact on data exposure is minimal because, typically, data is loaded via API requests that correctly enforce user authentication. In the current codebase, cases where data is directly embedded in the page content are rare. However, one notable exception is the authenticated variant of the reverse proxy test page, which displays the IP addresses of configured reverse proxies. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. ### Patches The vulnerability has been patched in version 1.11.0. ### Details An authentication bypass vulnerability exists in the following functions defined in [octoprint/server/util/init.py](https://git...

Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which

Terrance, United States / California, 22nd April 2025, CyberNewsWire