A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.

Message ID

20220324134454.15192-1-baijiaju1990@gmail.com (mailing list archive)

State

New, archived

Headers

show

Series

fs: btrfs: fix possible use-after-free bug in error handling code of btrfs\_get\_root\_ref() | expand

**Commit Message****Comments**

**Patch**

diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index b30309f187cf..126f244cdf88 100644
\--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1850,9 +1850,10 @@  static struct btrfs\_root \*btrfs\_get\_root\_ref(struct btrfs\_fs\_info \*fs\_info,
 
 	ret = btrfs\_insert\_fs\_root(fs\_info, root);
 	if (ret) {
\-		btrfs\_put\_root(root);
\-		if (ret == -EEXIST)
+		if (ret == -EEXIST) {
+			btrfs\_put\_root(root);
 			goto again;
+		}
 		goto fail;
 	}
 	return root;

CVE-2023-4389: fs: btrfs: fix possible use-after-free bug in error handling code of btrfs_get_root_ref()

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.  IBM X-Force ID:  262567.

CVE-2023-38737: IBM WebSphere Application Server Liberty denial of service CVE-2023-38737 Vulnerability Report

A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.

'2219272?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-4385: Invalid Bug ID

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.



As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

**Please sign in**

**SUMMARY**

**NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability**

*   Security Advisory ID: MPSA-230304
*   Version: V1.0
*   Release Date: Aug 16, 2023
*   Reference:
    *   CVE-2023-4204 (cve.org) 

**CVE-2023-4204** 

A vulnerability has been identified in NPort IAW5000A-I/O Series firmware versions prior to v2.2, which poses a potential risk to the security and integrity of the affected device. 

The identified vulnerability types and potential effects are shown below: 

Item

Vulnerability Type

Impact

1

Use of hardcoded credentials 

(CWE-798) 

This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. 

**AFFECTED PRODUCTS AND SOLUTIONS**

**Affected Products:**

The affected products and firmware versions are shown below.

Product Series

Affected Versions

NPort IAW5000A-I/O Series 

Firmware version 2.2 and prior 

**Solutions:**

Moxa has developed appropriate solutions to address the vulnerability. The solutions for the affected products are shown below: 

Product Series

Solutions

NPort IAW5000A-I/O Series 

Please contact Moxa Technical Support for the security patch.

**Mitigation:**

Moxa recommends users to follow CISA’s recommendations and do the following to mitigate security vulnerabilities. 

1.  Reduce network exposure by ensuring that all control-system devices and systems are not accessible via the Internet. 
    

2.  Place control-system networks and remote devices behind firewalls, isolating them from business networks. 
    

3.  When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices. 
    

**Products Confirmed Not Vulnerable:**

Only products listed in the Affected Products section of this advisory are known to be affected by this vulnerability. Moxa has confirmed that this vulnerability does not affect the following products: 

*   NPort 5000 (all series), NPort 6000 (all series), NPort Express Series, NPort IA5000 (all series), NPort P5150A Series, NPort S8000 Series, NPort S9000 (all series) 
    

**Revision History:**

VERSION

DESCRIPTION

RELEASE DATE

1.0

First Release

Aug. 16, 2023

**Relevant Products**

NPort IAW5000A-I/O Series ·

*     Print this page
    
*   You can manage and share your saved list in My Moxa
    

**Related Advisories**

*   NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities
*   NPort IAW5000A-I/O Series Serial Device Server Vulnerabilities
*   NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities

**Let’s get that fixed**

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability

CVE-2023-4204: NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability


Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.



**Vaikutus**

High

**Tiedot**

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-39250

Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-39250

Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

CVEs Addressed

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

CVE-2023-39250

Dell Storage Integration Tools for VMware (DSITV)

Software

06.01.00.016

Please see “Workarounds and Mitigations” in this advisory below.

 N/A

CVEs Addressed

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

CVE-2023-39250

Dell Storage Integration Tools for VMware (DSITV)

Software

06.01.00.016

Please see “Workarounds and Mitigations” in this advisory below.

 N/A

**Keinoja ongelman kiertämiseen tai lieventämiseen**

CVE ID

Workaround and Mitigation

CVE-2023-39250

1.  Please follow the instructions in the Dell Storage Integration Tools for VMWare Version 6.0 Administrator’s Guide to changethe default root password of all current and new appliances using Compellent DSITV
2.  Update the password to the VMware vCenter.
3.  Do not create additional DSITV users; if additional users have already been created, remove those users
4.  Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access

 **Kiitokset**

Dell would like to thank Tom Pohl for reporting this issue.  
 

**Versiohistoria**

Revision

Date

Description

1.0

2023-08-11

Initial Release

2.0

2023-08-15

Updated “Workarounds and Mitigations” section

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell Compellent SC4020, Dell Storage SC8000, Dell Compellent Series 40, Dell Storage SCv2000, Dell Storage SCv2020, Dell Storage SCv2080, Dell Storage SC5020, Dell Storage SC5020F, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000 , Dell Storage SCv3000, Dell Storage SCv3020 ...

16 elok. 2023

CVE-2023-39250: DSA-2023-282: Security Update for Dell Storage Integration Tools for VMware (DSITV) Vulnerabilities

Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.


 

 Loading...

Skip to page contentSkip to chat

Skip to page contentSkip to chat

CVE-2023-2737: Knowledge Article View - Thales Customer Support

Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Blue Ocean Plugin
*   Config File Provider Plugin
*   Delphix Plugin
*   Docker Swarm Plugin
*   Favorite View Plugin
*   Flaky Test Handler Plugin
*   Folders Plugin
*   Fortify Plugin
*   Gogs Plugin
*   Maven Artifact ChoiceListProvider (Nexus) Plugin
*   NodeJS Plugin
*   Shortcut Job Plugin
*   Tuleap Authentication Plugin

**Descriptions****CSRF vulnerability in Folders Plugin may approve unsandboxed scripts**

**SECURITY-3106 / CVE-2023-40336**  
**Severity (CVSS):** High  
**Affected plugin: cloudbees-folder**  
**Description:**

Folders Plugin 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to copy an item, which could potentially automatically approve unsandboxed scripts and allow the execution of unsafe scripts.

An improvement added in Script Security Plugin 1265.va\_fb\_290b\_4b\_d34 and 1251.1253.v4e638b\_e3b\_221 prevents automatic approval of unsandboxed scripts when administrators copy jobs, significantly reducing the impact of this vulnerability.

Folders Plugin 6.848.ve3b\_fd7839a\_81 requires POST requests for the affected HTTP endpoint.

**CSRF vulnerability in Folders Plugin**

**SECURITY-3105 / CVE-2023-40337**  
**Severity (CVSS):** Medium  
**Affected plugin: cloudbees-folder**  
**Description:**

Folders Plugin 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to copy a view inside a folder.

Folders Plugin 6.848.ve3b\_fd7839a\_81 requires POST requests for the affected HTTP endpoint.

**Information disclosure in Folders Plugin**

**SECURITY-3109 / CVE-2023-40338**  
**Severity (CVSS):** Medium  
**Affected plugin: cloudbees-folder**  
**Description:**

Folders Plugin displays an error message when attempting to access the Scan Organization Folder Log if no logs are available.

In Folders Plugin 6.846.v23698686f0f6 and earlier, this error message includes the absolute path of a log file, exposing information about the Jenkins controller file system.

Folders Plugin 6.848.ve3b\_fd7839a\_81 does not display the absolute path of a log file in the error message.

**Improper masking of credentials in Config File Provider Plugin**

**SECURITY-3090 / CVE-2023-40339**  
**Severity (CVSS):** Medium  
**Affected plugin: config-file-provider**  
**Description:**

Config File Provider Plugin 952.va\_544a\_6234b\_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log.

Config File Provider Plugin 953.v0432a\_802e4d2 masks credentials configured in configuration files if they appear in the build log.

**Improper masking of credentials in NodeJS Plugin**

**SECURITY-3196 / CVE-2023-40340**  
**Severity (CVSS):** Medium  
**Affected plugin: nodejs**  
**Description:**

NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file.

NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.

NodeJS Plugin 1.6.0.1 masks credentials specified in the Npm config file in Pipeline build logs.

**CSRF vulnerability in Blue Ocean Plugin allows capturing credentials**

**SECURITY-3116 / CVE-2023-40341**  
**Severity (CVSS):** Medium  
**Affected plugin: blueocean**  
**Description:**

Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

This issue is due to an incomplete fix of SECURITY-2502.

Blue Ocean Plugin 1.27.5.1 uses the configured SCM URL, instead of a user-specified URL provided as a parameter to the HTTP endpoint.

**CSRF vulnerability and missing permission checks in Fortify Plugin allow capturing credentials**

**SECURITY-3115 / CVE-2023-4301 (CSRF), CVE-2023-4302 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: fortify**  
**Description:**

Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Fortify Plugin 22.2.39 requires POST requests and the appropriate permissions for the affected HTTP endpoints.

**HTML injection vulnerability in Fortify Plugin**

**SECURITY-3140 / CVE-2023-4303**  
**Severity (CVSS):** Medium  
**Affected plugin: fortify**  
**Description:**

Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability.

Since Jenkins 2.275 and LTS 2.263.2, a security hardening for form validation responses prevents JavaScript execution, so no scripts can be injected.

Fortify Plugin 22.2.39 removes HTML tags from the error message.

**Stored XSS vulnerability in Flaky Test Handler Plugin**

**SECURITY-3223 / CVE-2023-40342**  
**Severity (CVSS):** High  
**Affected plugin: flaky-test-handler**  
**Description:**

Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

Flaky Test Handler Plugin 1.2.3 escapes JUnit test contents when showing them on the Jenkins UI.

**Non-constant time token comparison in Tuleap Authentication Plugin**

**SECURITY-3229 / CVE-2023-40343**  
**Severity (CVSS):** Low  
**Affected plugin: tuleap-oauth**  
**Description:**

Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal.

This could potentially allow attackers to use statistical methods to obtain a valid authentication token.

Tuleap Authentication Plugin 1.1.21 uses a constant-time comparison when validating authentication tokens.

**Missing permission check in Delphix Plugin allows enumerating credentials IDs**

**SECURITY-3214 (1) / CVE-2023-40344**  
**Severity (CVSS):** Medium  
**Affected plugin: delphix**  
**Description:**

Delphix Plugin 3.0.2 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Delphix Plugin 3.0.3 requires the appropriate permissions.

**Exposure of system-scoped credentials in Delphix Plugin**

**SECURITY-3214 (2) / CVE-2023-40345**  
**Severity (CVSS):** Medium  
**Affected plugin: delphix**  
**Description:**

Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration.

This allows attackers with Overall/Read permission to access and capture credentials they are not entitled to.

Delphix Plugin 3.0.3 defines the appropriate context for credentials lookup.

**Stored XSS vulnerability in Shortcut Job Plugin**

**SECURITY-3071 / CVE-2023-40346**  
**Severity (CVSS):** High  
**Affected plugin: shortcut-job**  
**Description:**

Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.

Shortcut Job Plugin 0.5 escapes the shortcut redirection URL.

**Exposure of system-scoped credentials in Maven Artifact ChoiceListProvider (Nexus) Plugin**

**SECURITY-3153 / CVE-2023-40347**  
**Severity (CVSS):** Medium  
**Affected plugin: maven-artifact-choicelistprovider**  
**Description:**

Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration.

This allows attackers with Item/Configure permission to access and capture credentials they are not entitled to.

**Unsafe default behavior and information disclosure in Gogs Plugin webhook**

**SECURITY-2894 / CVE-2023-40348 (information disclosure), CVE-2023-40349 (insecure default)**  
**Severity (CVSS):** Medium  
**Affected plugin: gogs-webhook**  
**Description:**

Gogs Plugin provides a webhook endpoint at /gogs-webhook that can be used to trigger builds of jobs. In Gogs Plugin 1.0.15 and earlier, an option to specify a Gogs secret for this webhook is provided, but not enabled by default.

This allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified job name.

Additionally, the output of the webhook endpoint includes whether a job corresponding to the attacker-specified job name exists, even if the attacker has no permission to access it.

**Stored XSS vulnerability in Docker Swarm Plugin**

**SECURITY-2811 / CVE-2023-40350**  
**Severity (CVSS):** High  
**Affected plugin: docker-swarm**  
**Description:**

Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view.

Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.

**CSRF vulnerability in Favorite View Plugin**

**SECURITY-3201 / CVE-2023-40351**  
**Severity (CVSS):** Medium  
**Affected plugin: favorite-view**  
**Description:**

Favorite View Plugin 5.v77a\_37f62782d and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to add or remove views from another user’s favorite views tab bar.

**Severity**

*   SECURITY-2811: High
*   SECURITY-2894: Medium
*   SECURITY-3071: High
*   SECURITY-3090: Medium
*   SECURITY-3105: Medium
*   SECURITY-3106: High
*   SECURITY-3109: Medium
*   SECURITY-3115: Medium
*   SECURITY-3116: Medium
*   SECURITY-3140: Medium
*   SECURITY-3153: Medium
*   SECURITY-3196: Medium
*   SECURITY-3201: Medium
*   SECURITY-3214 (1): Medium
*   SECURITY-3214 (2): Medium
*   SECURITY-3223: High
*   SECURITY-3229: Low

**Affected Versions**

*   **Blue Ocean Plugin** up to and including 1.27.5
*   **Config File Provider Plugin** up to and including 952.va\_544a\_6234b\_46
*   **Delphix Plugin** up to and including 3.0.2
*   **Docker Swarm Plugin** up to and including 1.11
*   **Favorite View Plugin** up to and including 5.v77a\_37f62782d
*   **Flaky Test Handler Plugin** up to and including 1.2.2
*   **Folders Plugin** up to and including 6.846.v23698686f0f6
*   **Fortify Plugin** up to and including 22.1.38
*   **Gogs Plugin** up to and including 1.0.15
*   **Maven Artifact ChoiceListProvider (Nexus) Plugin** up to and including 1.14
*   **NodeJS Plugin** up to and including 1.6.0
*   **Shortcut Job Plugin** up to and including 0.4
*   **Tuleap Authentication Plugin** up to and including 1.1.20

**Fix**

*   **Blue Ocean Plugin** should be updated to version 1.27.5.1
*   **Config File Provider Plugin** should be updated to version 953.v0432a\_802e4d2
*   **Delphix Plugin** should be updated to version 3.0.3
*   **Flaky Test Handler Plugin** should be updated to version 1.2.3
*   **Folders Plugin** should be updated to version 6.848.ve3b\_fd7839a\_81
*   **Fortify Plugin** should be updated to version 22.2.39
*   **NodeJS Plugin** should be updated to version 1.6.0.1
*   **Shortcut Job Plugin** should be updated to version 0.5
*   **Tuleap Authentication Plugin** should be updated to version 1.1.21

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

*   Docker Swarm Plugin
*   Favorite View Plugin
*   Gogs Plugin
*   Maven Artifact ChoiceListProvider (Nexus) Plugin

Learn why we announce these issues.

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Alvaro Muñoz (@pwntester), GitHub Security Lab** for SECURITY-3116, SECURITY-3153
*   **Andrea Chiera, CloudBees, Inc.** for SECURITY-3201, SECURITY-3223
*   **Daniel Beck, CloudBees, Inc.** for SECURITY-3214 (1), SECURITY-3214 (2)
*   **James Nord, CloudBees, Inc.** for SECURITY-3090, SECURITY-3196
*   **Kevin Guerroudj, CloudBees, Inc.** for SECURITY-3071, SECURITY-3105, SECURITY-3106, SECURITY-3109, SECURITY-3140
*   **Kevin Guerroudj, CloudBees, Inc. and Valdes Che Zogou, CloudBees, Inc.** for SECURITY-2811
*   **Kevin Guerroudj, CloudBees, Inc. and Yaroslav Afenkin, CloudBees, Inc.** for SECURITY-3229
*   **Kevin Guerroudj, CloudBees, Inc. and, independently, Alvaro Muñoz (@pwntester), GitHub Security Lab** for SECURITY-3115
*   **anhnm99** for SECURITY-2894

CVE-2023-40345: Jenkins Security Advisory 2023-08-16

A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.

CVE-2023-40351: Jenkins Security Advisory 2023-08-16

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

CVE-2023-40347: Jenkins Security Advisory 2023-08-16

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.

Source

CVE