Source
ghsa
### Impact
On some platforms, when an attacker can time decapsulation, and in particular when the attacker can forge ciphertexts, they can learn (parts of) the secret key. This does not apply to ephemeral usage, such as when the library is used in the regular way in TLS.
### Patches
Patched in 0.6.2.
### References
- [kyberslash.cr.yp.to](https://kyberslash.cr.yp.to)
### Impact
Agents running on macOS could be susceptible to unexpected code execution through user-supplied environment variables.
### Patches
Fixed in versions 14.2.4, 13.4.13 and 12.4.31.
### References
* Fix PR: https://github.com/gravitational/teleport/pull/36132
### Impact
An attacker that has access to nodes within the cluster may be able to SFTP to the Proxy Service. The user's permissions on the Proxy server are still respected, so files can only be read or modified on the Proxy if the user has system access to read or write to them.
### Patches
Fixed in versions 14.2.4, 13.4.13 and 12.4.31.
### Workarounds
This issue can be mitigated by ensuring that regular users do not have a valid principal on the proxy server. To be exploitable, the user's login must exist on a proxy server and the Teleport binary must have permissions to start a session with this user.
### References
* Fix PR: https://github.com/gravitational/teleport/pull/36136
### Impact
Access Lists are a new feature introduced in Teleport 14 and currently under preview. An issue was discovered that allows an Access List Owner to assign arbitrary permissions, including permissions to themselves, which could result in privilege escalation.
### Patches
Fixed in versions 14.2.4 and 13.4.13.
### Impact
An authenticated attacker with valid credentials (user or host) can make non-blind Server-Side Request Forgery (SSRF) requests through the proxy and/or agents to arbitrary hosts. During investigation of this functionality, it was discovered that there are several permutations where this SSRF is possible. This release addresses all but one: a root proxy administrator with access to the root proxy credentials can make requests through leaf proxies in Trusted Clusters. This behavior will be restricted in future releases.

For customers using Teleport in a Trusted Cluster configuration, we encourage leaf clusters to have network restrictions in place to mitigate SSRF. For example, we recommend restricting outbound network connections to only the Auth Service, your SSO provider, and any agents, databases or applications that need to be accessed from the proxy. If running in a cloud environment, pay careful attention to what cloud resources are accessible from the proxy.
### Patches
Fixed in ...
### Impact
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. `wrangler dev` would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate `Origin`/`Host` headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If `wrangler dev --remote` was being used, an attacker could access production resources if they were bound to the worker.
### Patches
This issue was fixed in `[email protected]` and `[email protected]`. Whilst `wrangler dev`'s inspector server listens on local interfaces by default as of `[email protected]`, an [SSRF vulnerability in `miniflare`](https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7) allowed access from the local network until `[email protected]...
### Impact
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
### Patches
This issue was fixed in `[email protected]`. Wrangler will now only serve files that are part of your bundle, or referenced by your bundle's source maps.
### Workarounds
Configure Wrangler to listen on local interfaces instead with `wrangler dev --ip 127.0.0.1`. This is the [default as of `[email protected]`](https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf), and removes the local network as an attack vector, but does not prevent an attack via a visit to a malicious website.
### References
- https://github.com/cloudflare/workers-sdk/pull/4532
- https://github.com/cloudflare/workers-sdk/pull/4535
### Impact
The Karmada components deployed with `karmadactl`, `karma-operator`, and `helm chart` take Golang default cipher suites as part of the TLS protocol, which includes the insecure algorithm. Referring to https://github.com/golang/go/issues/41476#issuecomment-694914728, the 3DES algorithm vulnerability is very unlikely to be attacked. However, to address the concerns and to avoid being disturbed by the security scanner, Karmada has decided to limit the cipher suites to exclude the insecure 3DES algorithm and accordingly release this security advisory.

The components affected are:
- karmada-apiserver
- karmada-aggregated-apiserver
- karmada-search
- karmada-metrics-adapter
- etcd
### Patches
From Karmada v1.8.0, when deploying Karmada with `karmadactl`, `karma-operator`, and `helm chart`, the default minimum TLS version of components (include `karmada-api...
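The weak default described above is a Go `tls.Config` with `CipherSuites` left nil. The following added example (not Karmada's code; it assumes only the standard-library `crypto/tls` package) shows how a server can build an explicit suite list without 3DES, with TLS 1.2 as the minimum version, and what it excludes on the running Go version:

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// hardenedCipherSuites returns Go's cipher suite IDs with every 3DES suite
// dropped. Depending on Go version the 3DES suites sit in tls.CipherSuites()
// or tls.InsecureCipherSuites(); filtering by name covers both.
func hardenedCipherSuites() []uint16 {
	var ids []uint16
	for _, cs := range tls.CipherSuites() {
		if !strings.Contains(cs.Name, "3DES") {
			ids = append(ids, cs.ID)
		}
	}
	return ids
}

// excluded3DESSuites lists the 3DES suite names Go knows about, which a server
// that leaves CipherSuites nil (the weak default) may still negotiate.
func excluded3DESSuites() []string {
	var names []string
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if strings.Contains(cs.Name, "3DES") {
			names = append(names, cs.Name)
		}
	}
	return names
}

// hardenedTLSConfig is the corrected server setting: explicit suite list
// without 3DES and TLS 1.2 as the minimum protocol version.
func hardenedTLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: hardenedCipherSuites()}
}

func main() {
	fmt.Println("excluded:", excluded3DESSuites())
	fmt.Println("kept:", len(hardenedTLSConfig().CipherSuites), "suites")
}
```

Note that `CipherSuites` only affects TLS 1.2 and below; TLS 1.3 suites are fixed by Go and never include 3DES.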
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references.
### Original Description
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references.
### Original Description
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.