The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442.

  

**Summary**

POWER9: In response to a security issue with firmware update, this security bulletin is being issued to address Common Vulnerabilities and Exposures issue number CVE 2022-22374. There is no Power System firmware update for this.  Please follow the Remediation and Mitigation steps.

**Vulnerability Details**

**CVEID:**   CVE-2022-22374  
**DESCRIPTION:**   The BMC may be subject to downgrade attack which may affect its ability to operate its host.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221442 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

OPENBMC

OP910

OPENBMC

OP940

**Remediation/Fixes**

Customers with the products below running OP910, OP920, OP930 or OP940, follow the Mitigation steps:

1) IBM Power System AC922 (8335-GTG)

2) IBM Power System AC922 (8335-GTC, 8335-GTW)

3) IBM Power System AC922 (8335-GTH, 8335-GTX)

4) IBM Power System IC922 (9183-22X)

5) IBM Power Hardware Management Console System Firmware (7063-CR2)

**Workarounds and Mitigations**

Use the BMC to learn which firmware versions are currently installed on both the BMC and the host system, then verify these versions match the firmware version most recently uploaded and installed on the BMC.  The firmware versions (sometimes called firmware levels) are given in IBM FixCentral (https://www.ibm.com/support/fixcentral) under the description of each firmware version.

If the firmware versions actually installed do not match the firmware versions intended to be installed, try reinstalling the firmware.  If the versions still do not match, obtain firmware from a trusted source such as your service and support representative or from IBM FixCentral.

Please note that firmware versions may be unexpected due to a number of reasons.  For example: a firmware update operation was not successful, the BMC recovered to a previous firmware version, or the problem described by CVE-2022-22374.

**References**

Off

**Acknowledgement**

Patrick Williams <patrick@stwcx.xyz>

**Change History**

11 Mar 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU009","label":"Systems - Server"},"Product":{"code":"AC922","label":"Power 9 AC922"},"Component":"BMC","Platform":\[{"code":"PF050","label":"BMC"}\],"Version":"OP910, OP920, OP930, OP940","Edition":""}\]

CVE-2022-22374: Security Bulletin: This Power System update is being released to address CVE-2022-22374

DiCal-RED version 4009 is vulnerable to unauthorized log access and other files on the device's file system due to improper authentication checks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

Advisory ID:               SYSS-2024-040  
Product:                   DiCal-RED  
Manufacturer:              Swissphone Wireless AG  
Affected Version(s):       Unknown  
Tested Version(s):         4009  
Vulnerability Type:        Improper Authentication (CWE-287)  
Risk Level:                High  
Solution Status:           Open  
Manufacturer Notification: 2024-04-16  
Solution Date:             None  
Public Disclosure:         2024-08-20  
CVE Reference:             CVE-2024-36444  
Author of Advisory:        Sebastian Hamann, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

DiCal-RED is a radio module for communication between emergency vehicles and  
control rooms. It provides Ethernet, Wi-Fi and cellular network connectivity  
and runs a Linux- and BusyBox-based operating system.

The manufacturer describes the product as follows (see [1]):

"The DiCal-Red radio data module reliably guides you to your destination. This  
is ensured by the linking of navigation (also for the transmission of position  
data) and various radio modules."

Due to improper authentication checks, the device is vulnerable to  
unauthorized access to logs and other files on the device's file system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The device allows viewing log files via the administrative web interface.  
This function does not require an authenticated session.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

As other parts of the administrative web interface do require authentication,  
a simple proof of concept is to log in to the web interface and navigate to  
the function to view log files.  
Log file contents are returned by a URL similar to  
http:/192.0.2.1/cgi-bin/fdmcgiwebv2.cgi?action=displayfilel&data={%22FilePath%22:%22%22,%22FileAlias%22:%22FdmDebugPath%22,%22LinesMax%22:0}

Using a local proxy to remove the QSESSIONID cookie from this request shows  
that the content is also returned when not sending any session information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The manufacturer recommends not running the device in an untrusted network.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2024-02-29: Vulnerability discovered  
2024-04-16: Vulnerability reported to manufacturer  
2024-05-10: Manufacturer states that the vulnerability will not be fixed  
2024-05-14: Vulnerability reported to CERT-Bund  
2024-08-13: CERT-Bund informs us that the vendor declared the product EOL  
2024-08-20: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for DiCal-RED  
    https://www.swissphone.com/solutions/components/terminals/radio-data-module-dical-red/  
[2] SySS Security Advisory SYSS-2024-040  
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-040.txt  
[3] SySS Responsible Disclosure Policy  
    https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Sebastian Hamann of SySS GmbH.

E-Mail: sebastian.hamann@syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Sebastian_Hamann.asc  
Key ID: 0x9CE0E440429D8B96  
Key Fingerprint: F643 DF21 62C4 7C53 7DB2 8BA1 9CE0 E440 429D 8B96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE9kPfIWLEfFN9souhnODkQEKdi5YFAmbEQgMACgkQnODkQEKd  
i5ZgGw/9GlpK9ZCfsFYDOaonfqTm0zPxu1CURL4gT2gnmcWKnvZMnSBVtI2qolR/  
oyp8GMhBkQ5i1msTZXCBFTQfmxAjniNZ4hpg9nxY/9q7uThu8td2A89Ge9+qP7u0  
06Z52kYGhMK+C5Ecoww9pOjNtL233B6300kSxxBh4wspAUw8NdOtnBO9zTiU8zcw  
MPjPsoHNofn6Ah1BRw40vkPTDGoKE9wD17nNJn0lnpgvP03ZLgEErk4gkvK0L1ts  
N33g1R0k2M3vKzhid9FUFE+OEFN4NdkmTUqylGU9uLEhtSZiZ5CT1kAcNp6PUOlA  
EmNqudfLngHVhyfTAVXhbJV8C/I9tCiktPiPD3g4sAP5FwsmnfKXvwULCABV7Y6I  
6szsx1JPojyaYTi0hGKviJjewyEld9p7qLuCDt/Hq6BqkxaZkAN1JuyuqMLQDw8k  
ghIBzdqxCpaoa3r43Cg6mpiNzhe9cRYHDDSQ5wl+5nKI4NDy7xxaQd8psyg5CjCP  
CxgJTHne5zvFhtZP7LFa82R3Yux6x6k2XcxbsgoBaBYXS9Qj+QKLU5HxbZVbVwWS  
c0kZzHWWydiaqSfXl5OZDPZIcOZH3C95kXFY78XMOhndqg9yW7ot3OJ/RR5GfX1X  
jqcbLv9k0XCRr55bH/vcLWoJw9oGxfX25FlH2Sp7VYiaIohd8cM=  
=Iaf1  
-----END PGP SIGNATURE-----

DiCal-RED 4009 Log Disclosure

DiCal-RED version 4009 makes use of unmaintained third party components with their own vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

Advisory ID:               SYSS-2024-041  
Product:                   DiCal-RED  
Manufacturer:              Swissphone Wireless AG  
Affected Version(s):       Unknown  
Tested Version(s):         4009  
Vulnerability Type:        Use of Unmaintained Third Party Components (CWE-1104)  
Risk Level:                High  
Solution Status:           Open  
Manufacturer Notification: 2024-04-16  
Solution Date:             None  
Public Disclosure:         2024-08-20  
CVE Reference:             CVE-2016-5195, CVE-2016-7406, CVE-2019-12815 and others  
Author of Advisory:        Sebastian Hamann, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

DiCal-RED is a radio module for communication between emergency vehicles and  
control rooms. It provides Ethernet, Wi-Fi and cellular network connectivity  
and runs a Linux- and BusyBox-based operating system.

The manufacturer describes the product as follows (see [1]):

"The DiCal-Red radio data module reliably guides you to your destination. This  
is ensured by the linking of navigation (also for the transmission of position  
data) and various radio modules."

Due to the use of unmaintained third-party software components, the device is  
vulnerable to numerous known security issues.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The device's operating system is based on several well-known open-source  
products, such as the Linux kernel, the Dropbear SSH server and the  
ProFTPD FTP server.

In particular, it runs the following versions:

 Product      | Version | Released  
 -------------|---------|--------------  
 Linux kernel | 3.14.35 | March 2015  
 Dropbear     | 2013.56 | March 2013  
 ProFTPD      |  1.3.3g | November 2011

There are several publicly known security issues that affect these software  
versions, such as CVE-2016-5195, CVE-2016-7406 or CVE-2019-12815.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

None

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The manufacturer recommends not running the device in an untrusted network.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2024-02-29: Vulnerability discovered  
2024-04-16: Vulnerability reported to manufacturer  
2024-05-10: Manufacturer states that the vulnerability will not be fixed  
2024-05-14: Vulnerability reported to CERT-Bund  
2024-08-13: CERT-Bund informs us that the vendor declared the product EOL  
2024-08-20: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for DiCal-RED  
    https://www.swissphone.com/solutions/components/terminals/radio-data-module-dical-red/  
[2] SySS Security Advisory SYSS-2024-041  
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-041.txt  
[3] SySS Responsible Disclosure Policy  
    https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Sebastian Hamann of SySS GmbH.

E-Mail: sebastian.hamann@syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Sebastian_Hamann.asc  
Key ID: 0x9CE0E440429D8B96  
Key Fingerprint: F643 DF21 62C4 7C53 7DB2 8BA1 9CE0 E440 429D 8B96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE9kPfIWLEfFN9souhnODkQEKdi5YFAmbEQgQACgkQnODkQEKd  
i5bc5A//bNGaYSQgB48TQes7HlvC5hsYWgtFZU6xdI+V6SEkeGkMGAPfItRDjgAt  
fUxbP+UZbjkgBZuHk5wJJYFWYEHE7a+PFJW7JC3kwioVqanrxzlST/PCCIyxNFZR  
Jy/bwC0EkE5xsyDrOmMbfBAOicObLChmXw7XuN5ec14VUPNjrBL++iYH2Y694ZnC  
sP+sxD7g2QDxTllHkpIcWVZN0T/hH3RHOS5SM0Kv8SfDln38lOSuPbMkr/V/wmpG  
FWpjgYWjtSLFQwozJWxEbp/X6/nwxTIRM1/kTgjNeBZDa74mIGPdxPLDKXYlytI6  
/Wrj6PjN+UjA6fbxb+LvYdtx/xQ98gPj5k84/qlQ8fNO24bSq3VUOcoATm640TtM  
9MEjr38rF/FPksufef1gj45m9/HgnPSeXyVkf5XZR6ipb9Mc+elpO7f+YivY5wfB  
DOuEiYaCJsQL+7KZrVR2c3+4rVTQOiUOzRT8QUPu0//naHfLDtq0DRAlRJQHzIiY  
2xqJPvs4XcmctsokqvbHGikPROEU36cJSBKdSqrorLmC6EU0fPF4c3EzGVSRkHpT  
LOhIjACUWteOLjh3BJhXAobS1jIwS73HUFO+Vr1RT54lhrmXlWIW8WrexDrdA9mz  
ALGeZDjb5uH8Y4DQ5oWOXVbK8eSFAJc/FRRDMRHsiAMWWozOBik=  
=R39e  
-----END PGP SIGNATURE-----

DiCal-RED 4009 Outdated Third Party Components

A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.

**LAST UPDATED: DEC 30, 2022**

**Release Date:** December 30, 2022

**CVE Vulnerability Identifier:** CVE-2022-48191

**Platform(s):** Microsoft Windows

**Summary**

Trend Micro has released a hotfix for Trend Micro Maximum Security 2022 which resolves a security time-of-check time-of-use local privilege escalation vulnerability.

**Affected version(s)**

PRODUCT

AFFECTED VERSION(S)

PLATFORM

LANGUAGE(S)

Trend Micro Maximum Security

2022 (v17.7)

Microsoft Windows

English

**Solution**

Trend Micro has released a hotfix available for version below that resolves the issue:

PRODUCT

AFFECTED VERSION(S)

PLATFORM

LANGUAGE(S)

Trend Micro Maximum Security

2022 (v17.7) Hotfix

Microsoft Windows

English

**Vulnerability Details**

This hotfix resolves a vulnerability in the product wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.

Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.

**Mitigating Factors**

None identified. Customers are advised to ensure they always have the latest version of the program.

**Acknowledgement**

Trend Micro would like to thank **Simon Zuckerbraun** for responsibly disclosing this issue and working with Trend Micro to help protect our customers.

**Additional Assistance**

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

**External Reference**

*   ZDI-CAN-18291

How helpful was this article?

*   It wasn't helpful at all.
*   Somewhat helpful.
*   Just okay.
*   It was somewhat helpful.
*   It was helpful.

*   \*Feedback submitted will only be used as reference for future product, service and article improvements.

CVE-2022-48191: Security Bulletin: Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

Cleo Communications took advantage of the FCC's EBB program to scam those already struggling with money when the pandemic struck.
The post Low-income consumers preyed on by fake ISP during pandemic, FCC says appeared first on Malwarebytes Labs.

The FCC (Federal Communications Commission) has proposed a fine of $220,210 against Kyle Traxler of Ohio for allegedly establishing the bogus internet provider, Cleo Communications, to scam low-income consumers. The victims believed they were receiving government-approved discounts on internet services and devices during pandemic lockdowns in the US.

In a document posted to its site, the FCC says Traxler “willfully and repeatedly” committed multiple federal wire fraud violations for three months, from May 24, 2021, to August 11, 2021. During this time, Traxler, who was CEO of Cleo Communications, sought to be authorized by the FCC as an ISP provider under the Emergency Broadband Benefit (EBB) program, which the FCC opened to provide subsidized broadband—$50 monthly discounts—to those who had low or lost income when the pandemic hit.

Per the notice, Cleo Communications sold EBB-discounted devices via its website, accepting payments via PayPal, Venmo, credit cards, and interstate wire transfers. However, these products never arrived. When consumers asked for a refund for products or services that never materialized, the company refused, citing its “Terms of Service” as the basis for refusal. Cleo’s terms stated:

    Cleo Communications operates a PREPAID Service. All services are sold as in (sic) and without warranty. Under NO circumstances does Cleo Communications represent any warranty nor provide a refund of any kind for services that are offered [...] Cleo Communications does NOT nor will ever imply or agree upon a refund, credits nor any other refunds of service and monies to be returned to you.
    
    All refunds and credits are up to Cleo at its sole discretion and therefore, charge backs to us via any customer bank is breach of contract at any time and is subject to further legal action up to but not limited to small claims court actions for breach of contract in the amount of what is disputed, any and all legal fees, court fees, attorney fees, filing fees, interest at 9.9%, and a contract breach fee in the amount of $300.00.

In some cases, Cleo threatened to sue them for “terms of service breach”, admin cost for preparing the invoice, and an interest rate.

From the document:

> “Cleo apparently existed for the sole purpose of taking financial advantage of customers under the disguise of being a legitimate EBB Program provider. Cleo Communications has had no business activity outside of the EBB Program and no other business purpose.
> 
> After receiving authorization to participate in the EBB Program and advertising that participation on its website, Cleo apparently never enrolled consumers in the EBB Program or delivered the discounted broadband services or devices for which Cleo received payment from consumers who believed Cleo’s online website representations.”

Complaints received by the FCC eventually triggered the investigation into Cleo Communications and Traxler. The agency interviewed eight of Cleo’s victims from various states, and all shared a very similar story. Cleo never resorted to other schemes that could have defrauded the EBB program directly. Instead, Traxler chose to just scam consumers.

> “Cleo’s schemes to defraud consumers under the pretense of participating in the EBB Program caused severe harm not only in monetary terms to the low-income consumers it preyed upon, but also to the trust and goodwill this or any program needs to achieve its purposes effectively.”

The EBB program was eventually discontinued and replaced by the Affordable Connectivity Program, which offered $30 monthly discounts.

Low-income consumers preyed on by fake ISP during pandemic, FCC says

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Blue Ocean Plugin
*   Config File Provider Plugin
*   Delphix Plugin
*   Docker Swarm Plugin
*   Favorite View Plugin
*   Flaky Test Handler Plugin
*   Folders Plugin
*   Fortify Plugin
*   Gogs Plugin
*   Maven Artifact ChoiceListProvider (Nexus) Plugin
*   NodeJS Plugin
*   Shortcut Job Plugin
*   Tuleap Authentication Plugin

**Descriptions****CSRF vulnerability in Folders Plugin may approve unsandboxed scripts**

**SECURITY-3106 / CVE-2023-40336**  
**Severity (CVSS):** High  
**Affected plugin: cloudbees-folder**  
**Description:**

Folders Plugin 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to copy an item, which could potentially automatically approve unsandboxed scripts and allow the execution of unsafe scripts.

An improvement added in Script Security Plugin 1265.va\_fb\_290b\_4b\_d34 and 1251.1253.v4e638b\_e3b\_221 prevents automatic approval of unsandboxed scripts when administrators copy jobs, significantly reducing the impact of this vulnerability.

Folders Plugin 6.848.ve3b\_fd7839a\_81 requires POST requests for the affected HTTP endpoint.

**CSRF vulnerability in Folders Plugin**

**SECURITY-3105 / CVE-2023-40337**  
**Severity (CVSS):** Medium  
**Affected plugin: cloudbees-folder**  
**Description:**

Folders Plugin 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to copy a view inside a folder.

Folders Plugin 6.848.ve3b\_fd7839a\_81 requires POST requests for the affected HTTP endpoint.

**Information disclosure in Folders Plugin**

**SECURITY-3109 / CVE-2023-40338**  
**Severity (CVSS):** Medium  
**Affected plugin: cloudbees-folder**  
**Description:**

Folders Plugin displays an error message when attempting to access the Scan Organization Folder Log if no logs are available.

In Folders Plugin 6.846.v23698686f0f6 and earlier, this error message includes the absolute path of a log file, exposing information about the Jenkins controller file system.

Folders Plugin 6.848.ve3b\_fd7839a\_81 does not display the absolute path of a log file in the error message.

**Improper masking of credentials in Config File Provider Plugin**

**SECURITY-3090 / CVE-2023-40339**  
**Severity (CVSS):** Medium  
**Affected plugin: config-file-provider**  
**Description:**

Config File Provider Plugin 952.va\_544a\_6234b\_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log.

Config File Provider Plugin 953.v0432a\_802e4d2 masks credentials configured in configuration files if they appear in the build log.

**Improper masking of credentials in NodeJS Plugin**

**SECURITY-3196 / CVE-2023-40340**  
**Severity (CVSS):** Medium  
**Affected plugin: nodejs**  
**Description:**

NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file.

NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.

NodeJS Plugin 1.6.0.1 masks credentials specified in the Npm config file in Pipeline build logs.

**CSRF vulnerability in Blue Ocean Plugin allows capturing credentials**

**SECURITY-3116 / CVE-2023-40341**  
**Severity (CVSS):** Medium  
**Affected plugin: blueocean**  
**Description:**

Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

This issue is due to an incomplete fix of SECURITY-2502.

Blue Ocean Plugin 1.27.5.1 uses the configured SCM URL, instead of a user-specified URL provided as a parameter to the HTTP endpoint.

**CSRF vulnerability and missing permission checks in Fortify Plugin allow capturing credentials**

**SECURITY-3115 / CVE-2023-4301 (CSRF), CVE-2023-4302 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: fortify**  
**Description:**

Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Fortify Plugin 22.2.39 requires POST requests and the appropriate permissions for the affected HTTP endpoints.

**HTML injection vulnerability in Fortify Plugin**

**SECURITY-3140 / CVE-2023-4303**  
**Severity (CVSS):** Medium  
**Affected plugin: fortify**  
**Description:**

Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability.

Since Jenkins 2.275 and LTS 2.263.2, a security hardening for form validation responses prevents JavaScript execution, so no scripts can be injected.

Fortify Plugin 22.2.39 removes HTML tags from the error message.

**Stored XSS vulnerability in Flaky Test Handler Plugin**

**SECURITY-3223 / CVE-2023-40342**  
**Severity (CVSS):** High  
**Affected plugin: flaky-test-handler**  
**Description:**

Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

Flaky Test Handler Plugin 1.2.3 escapes JUnit test contents when showing them on the Jenkins UI.

**Non-constant time token comparison in Tuleap Authentication Plugin**

**SECURITY-3229 / CVE-2023-40343**  
**Severity (CVSS):** Low  
**Affected plugin: tuleap-oauth**  
**Description:**

Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal.

This could potentially allow attackers to use statistical methods to obtain a valid authentication token.

Tuleap Authentication Plugin 1.1.21 uses a constant-time comparison when validating authentication tokens.

**Missing permission check in Delphix Plugin allows enumerating credentials IDs**

**SECURITY-3214 (1) / CVE-2023-40344**  
**Severity (CVSS):** Medium  
**Affected plugin: delphix**  
**Description:**

Delphix Plugin 3.0.2 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Delphix Plugin 3.0.3 requires the appropriate permissions.

**Exposure of system-scoped credentials in Delphix Plugin**

**SECURITY-3214 (2) / CVE-2023-40345**  
**Severity (CVSS):** Medium  
**Affected plugin: delphix**  
**Description:**

Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration.

This allows attackers with Overall/Read permission to access and capture credentials they are not entitled to.

Delphix Plugin 3.0.3 defines the appropriate context for credentials lookup.

**Stored XSS vulnerability in Shortcut Job Plugin**

**SECURITY-3071 / CVE-2023-40346**  
**Severity (CVSS):** High  
**Affected plugin: shortcut-job**  
**Description:**

Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.

Shortcut Job Plugin 0.5 escapes the shortcut redirection URL.

**Exposure of system-scoped credentials in Maven Artifact ChoiceListProvider (Nexus) Plugin**

**SECURITY-3153 / CVE-2023-40347**  
**Severity (CVSS):** Medium  
**Affected plugin: maven-artifact-choicelistprovider**  
**Description:**

Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration.

This allows attackers with Item/Configure permission to access and capture credentials they are not entitled to.

**Unsafe default behavior and information disclosure in Gogs Plugin webhook**

**SECURITY-2894 / CVE-2023-40348 (information disclosure), CVE-2023-40349 (insecure default)**  
**Severity (CVSS):** Medium  
**Affected plugin: gogs-webhook**  
**Description:**

Gogs Plugin provides a webhook endpoint at /gogs-webhook that can be used to trigger builds of jobs. In Gogs Plugin 1.0.15 and earlier, an option to specify a Gogs secret for this webhook is provided, but not enabled by default.

This allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified job name.

Additionally, the output of the webhook endpoint includes whether a job corresponding to the attacker-specified job name exists, even if the attacker has no permission to access it.

**Stored XSS vulnerability in Docker Swarm Plugin**

**SECURITY-2811 / CVE-2023-40350**  
**Severity (CVSS):** High  
**Affected plugin: docker-swarm**  
**Description:**

Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view.

Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.

**CSRF vulnerability in Favorite View Plugin**

**SECURITY-3201 / CVE-2023-40351**  
**Severity (CVSS):** Medium  
**Affected plugin: favorite-view**  
**Description:**

Favorite View Plugin 5.v77a\_37f62782d and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to add or remove views from another user’s favorite views tab bar.

**Severity**

*   SECURITY-2811: High
*   SECURITY-2894: Medium
*   SECURITY-3071: High
*   SECURITY-3090: Medium
*   SECURITY-3105: Medium
*   SECURITY-3106: High
*   SECURITY-3109: Medium
*   SECURITY-3115: Medium
*   SECURITY-3116: Medium
*   SECURITY-3140: Medium
*   SECURITY-3153: Medium
*   SECURITY-3196: Medium
*   SECURITY-3201: Medium
*   SECURITY-3214 (1): Medium
*   SECURITY-3214 (2): Medium
*   SECURITY-3223: High
*   SECURITY-3229: Low

**Affected Versions**

*   **Blue Ocean Plugin** up to and including 1.27.5
*   **Config File Provider Plugin** up to and including 952.va\_544a\_6234b\_46
*   **Delphix Plugin** up to and including 3.0.2
*   **Docker Swarm Plugin** up to and including 1.11
*   **Favorite View Plugin** up to and including 5.v77a\_37f62782d
*   **Flaky Test Handler Plugin** up to and including 1.2.2
*   **Folders Plugin** up to and including 6.846.v23698686f0f6
*   **Fortify Plugin** up to and including 22.1.38
*   **Gogs Plugin** up to and including 1.0.15
*   **Maven Artifact ChoiceListProvider (Nexus) Plugin** up to and including 1.14
*   **NodeJS Plugin** up to and including 1.6.0
*   **Shortcut Job Plugin** up to and including 0.4
*   **Tuleap Authentication Plugin** up to and including 1.1.20

**Fix**

*   **Blue Ocean Plugin** should be updated to version 1.27.5.1
*   **Config File Provider Plugin** should be updated to version 953.v0432a\_802e4d2
*   **Delphix Plugin** should be updated to version 3.0.3
*   **Flaky Test Handler Plugin** should be updated to version 1.2.3
*   **Folders Plugin** should be updated to version 6.848.ve3b\_fd7839a\_81
*   **Fortify Plugin** should be updated to version 22.2.39
*   **NodeJS Plugin** should be updated to version 1.6.0.1
*   **Shortcut Job Plugin** should be updated to version 0.5
*   **Tuleap Authentication Plugin** should be updated to version 1.1.21

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

*   Docker Swarm Plugin
*   Favorite View Plugin
*   Gogs Plugin
*   Maven Artifact ChoiceListProvider (Nexus) Plugin

Learn why we announce these issues.

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Alvaro Muñoz (@pwntester), GitHub Security Lab** for SECURITY-3116, SECURITY-3153
*   **Andrea Chiera, CloudBees, Inc.** for SECURITY-3201, SECURITY-3223
*   **Daniel Beck, CloudBees, Inc.** for SECURITY-3214 (1), SECURITY-3214 (2)
*   **James Nord, CloudBees, Inc.** for SECURITY-3090, SECURITY-3196
*   **Kevin Guerroudj, CloudBees, Inc.** for SECURITY-3071, SECURITY-3105, SECURITY-3106, SECURITY-3109, SECURITY-3140
*   **Kevin Guerroudj, CloudBees, Inc. and Valdes Che Zogou, CloudBees, Inc.** for SECURITY-2811
*   **Kevin Guerroudj, CloudBees, Inc. and Yaroslav Afenkin, CloudBees, Inc.** for SECURITY-3229
*   **Kevin Guerroudj, CloudBees, Inc. and, independently, Alvaro Muñoz (@pwntester), GitHub Security Lab** for SECURITY-3115
*   **anhnm99** for SECURITY-2894

CVE-2023-40347: Jenkins Security Advisory 2023-08-16

TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

**Impact**

Eig can be fed an incorrect Tout input, resulting in a CHECK fail that can trigger a denial of service attack.

import tensorflow as tf
import numpy as np 
arg\_0\=tf.constant(value\=np.random.random(size\=(2, 2)), shape\=(2, 2), dtype\=tf.float32)
arg\_1\=tf.complex128
arg\_2\=True
arg\_3\=''
tf.raw\_ops.Eig(input\=arg\_0, Tout\=arg\_1, compute\_v\=arg\_2, name\=arg\_3)

**Patches**

We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0.

The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.

**For more information**

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

**Attribution**

This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.

CVE-2022-36000: `CHECK` fail in `Eig`

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.

**hp-concentra-wrapper-portlet**

 Actions

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.

Severity

High

HP Reference

HPSBPI03841 rev. 1

Release date

April 6, 2023

Last updated

April 6, 2023

Category

Print

Potential Security Impact

Potential Heap Overflow, Elevation of Privilege

**Relevant Common Vulnerabilities and Exposures (CVE) List**

**Reported by**: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro Zero Day Initiative

List of CVE IDs    

CVE ID

CVSS

Severity

Vector

CVE-2023-27973

8.8

High

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2023-0020

**Resolution**

Update the printer firmware.

HP has provided an updated firmware resolution for potentially affected products listed in the table below. To obtain the updated firmware, go to the HP Customer Support - Software and Driver Downloads, and then search for your printer model.

**Affected products**

Find the products affected and the firmware version that resolves the vulnerabilities.

Affected products    

Product Name

Model Number

Updated Firmware Version

HP Color LaserJet MFP M478-M479 series

W1A75A, W1A76A, W1A77A, W1A81A, W1A82A, W1A79A, W1A80A, W1A78A

002\_2310A or higher

HP Color LaserJet Pro M453-M454 series

W1Y40A, W1Y41A, W1Y46A, W1Y47A, W1Y44A, W1Y45A, W1Y43A

002\_2310A or higher

HP LaserJet Pro M304-M305 Printer series

W1A66A, W1A46A, W1A47A, W1A48A

002\_2310A or higher

HP LaserJet Pro M404-M405 Printer series

W1A51A, W1A53A, W1A56A, W1A63A, W1A52A, 93M22A, W1A58A, W1A59A, W1A60A, W1A57A

002\_2310A or higher

HP LaserJet Pro MFP M428-M429 f series

W1A29A, W1A32A, W1A30A, W1A38A, W1A34A, W1A35A

002\_2310A or higher

HP LaserJet Pro MFP M428-M429 series

W1A28A, W1A31A, W1A33A

002\_2310A or higher

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial release

April 6, 2023

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2023 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2023-27973: Certain HP LaserJet Pro Print Products - Potential Heap Overflow, Remote Code Execution

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

**hp-concentra-wrapper-portlet**

 Actions

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

Severity

High

HP Reference

HPSBPI03840 rev. 1

Release date

April 6, 2023

Last updated

April 6, 2023

Category

Print

Potential Security Impact

Potential Buffer Overflow, Remote Code Execution

**Relevant Common Vulnerabilities and Exposures (CVE) List**

**Reported by**: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro Zero Day Initiative

List of CVE IDs    

CVE ID

CVSS 3.0

Severity

Vector

CVE-2023-27972

8.8

High

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2023-0019

**Resolution**

Update the printer firmware.

HP has provided an updated firmware resolution for potentially affected products listed in the table below. To obtain the updated firmware, go to the HP Customer Support - Software and Driver Downloads, and then search for your printer model.

**Affected products**

Find the products affected and the firmware version that resolves the vulnerabilities.

Affected products    

Product Name

Model Number

Updated Firmware Version

HP Color LaserJet MFP M478-M479 series

W1A75A, W1A76A, W1A77A, W1A81A, W1A82A, W1A79A, W1A80A, W1A78A

002\_2310A or higher

HP Color LaserJet Pro M453-M454 series

W1Y40A, W1Y41A, W1Y46A, W1Y47A, W1Y44A, W1Y45A, W1Y43A

002\_2310A or higher

HP LaserJet Pro M304-M305 Printer series

W1A66A, W1A46A, W1A47A, W1A48A

002\_2310A or higher

HP LaserJet Pro M404-M405 Printer series

W1A51A, W1A53A, W1A56A, W1A63A, W1A52A, 93M22A, W1A58A, W1A59A, W1A60A, W1A57A

002\_2310A or higher

HP LaserJet Pro MFP M428-M429 f series

W1A29A, W1A32A, W1A30A, W1A38A, W1A34A, W1A35A

002\_2310A or higher

HP LaserJet Pro MFP M428-M429 series

W1A28A, W1A31A, W1A33A

002\_2310A or higher

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial release

April 6, 2023

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2023 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2023-27972: Certain HP LaserJet Pro Print Products - Potential Buffer Overflow, Remote Code Execution

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.

**hp-concentra-wrapper-portlet**

 Actions

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.

Severity

High

HP Reference

HPSBPI03839 rev. 1

Release date

April 6, 2023

Last updated

April 6, 2023

Category

Print

Potential Security Impact

Potential Buffer Overflow, Elevation of Privilege

**Relevant Common Vulnerabilities and Exposures (CVE) List**

**Reported by**: Neodyme working with Trend Micro Zero Day Initiative

List of CVE IDs    

CVE ID

CVSS

Severity

Vector

CVE-2023-27971

8.8

High

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2023-0018

**Resolution**

Update the printer firmware.

HP has provided an updated firmware resolution for potentially affected products listed in the table below. To obtain the updated firmware, go to the HP Customer Support - Software and Driver Downloads, and then search for your printer model.

**Affected products**

Find the products affected and the firmware version that resolves the vulnerabilities.

Affected products    

Product Name

Model Number

Updated Firmware Version

HP Color LaserJet MFP M478-M479 series

W1A75A, W1A76A, W1A77A, W1A81A, W1A82A, W1A79A, W1A80A, W1A78A

002\_2310A or higher

HP Color LaserJet Pro M453-M454 series

W1Y40A, W1Y41A, W1Y46A, W1Y47A, W1Y44A, W1Y45A, W1Y43A

002\_2310A or higher

HP LaserJet Pro M304-M305 Printer series

W1A66A, W1A46A, W1A47A, W1A48A

002\_2310A or higher

HP LaserJet Pro M404-M405 Printer series

W1A51A, W1A53A, W1A56A, W1A63A, W1A52A, 93M22A, W1A58A, W1A59A, W1A60A, W1A57A

002\_2310A or higher

HP LaserJet Pro MFP M428-M429 f series

W1A29A, W1A32A, W1A30A, W1A38A, W1A34A, W1A35A

002\_2310A or higher

HP LaserJet Pro MFP M428-M429 series

W1A28A, W1A31A, W1A33A

002\_2310A or higher

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial release

April 6, 2023

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2023 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us