Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-4gp9-ff99-j6vj: Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API

### Impact An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section

ghsa
Open in Source
#vulnerability#web#git
GHSA-c5g6-6xf7-qxp3: Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

### Impact This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. ### Patches Will be patched in 14.3.1 and 15.0.0. ### Workarounds Ensure that access to the Dictionary section is only granted to trusted users.

GHSA-3wwx-63fv-pfq6: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present

### Impact A policy rule denying a prefix that is broader than /32 may be ignored if there is - A policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) **and** - This narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all` Note that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`. As an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied: ``` apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: block-scary-range spec: endpointSelector: {} egressDeny: - toCIDRSet: - cidr: 1.0.0.0/8 --- apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: evade-deny spec: endpointSelector: {} egress: - toCIDR: - 1.1.1.2/32 - toEntities: - all ``` ### Patches This issue affects: - Cilium v1.14 between v1.14.0 and v1.14.15 inclusive - Cilium v1.15 between v1.15.0 and v1.15.9 inclusive...

GHSA-584q-6j8j-r5pm: secp256k1-node allows private key extraction over ECDH

### Summary In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39 `loadCompressedPublicKey` is, however, missing that check: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L17-L19 That allows the attacker to use public keys on low-cardinality curves to extract enough information to fully restore the private key from as little as 11 ECDH sessions, and very cheaply on compute power Other operations on public keys are also affected, including e.g. `publicKeyVerify()` incorrectly returning `true` on those invalid keys, and e.g. `publicKeyTweakMul()` also returning predictable outcomes allowing to restore the tweak ### Details The curve equation is `Y^2 = X^3 + 7`, and it restores `Y` from `X` in `loadCompressedPublicKey`, using `Y = sqrt(X^3 + 7)`, but whe...

GHSA-7pp4-388x-2xqj: SQL injection in funadmin

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php.

GHSA-c7qv-q95q-8v27: Denial of service in http-proxy-middleware

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

GHSA-7vfh-cqpc-4267: Security Update for the OPC UA .NET Standard Stack

This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to trigger a gradual degradation in performance.

GHSA-qm9f-c3v9-wphv: Security Update for the OPC UA .NET Standard Stack

This security update resolves a vulnerability in the OPC UA .NET Standard Stack that enables an unauthorized attacker to trigger a rapid increase in memory consumption.

GHSA-p5wf-cmr4-xrwr: Permissive Regular Expression in tacquito

### Impact The CVE is for a software vulnerability. Network admins who have deployed tacquito (or versions of tacquito) in their production environments and use tacquito to perform command authorization for network devices should be impacted. Tacquito code prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was performing regex matches on authorized commands and arguments in a more permissive than intended manner. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. This behaviour could potentially allowed unauthorized commands to be executed. ### Patches The problem has been patched, and users should update to the latest github repo commit to get the patch. ### Workarounds Users should be able to add boundary conditions anchors '^' and '$' to their command configs to remediate the vulnerability without the upgrade

GHSA-4gc7-5j7h-4qph: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.