Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-54cw-rvr3-w6cx: Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file `org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml` on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the Jenkins controller file system. Additionally, the global configuration form does not mask the token, increasing the potential for attackers to observe and capture it.

ghsa
Open in Source
#git#java#maven
GHSA-9337-8c6c-c2xg: CubeFS allows Kubernetes cluster-level privilege escalation

CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.

GHSA-48wp-p9qv-4j64: Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service

## Impact Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm) library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * [CVE-2023-24824](https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh) * [CVE-2023-26485](https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5) For more information, consult the release notes for version [`0.23.0.gfm.10`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.10) and [`0.23.0.gfm.11`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.11). ## Mitigation Users are advised to upgrade to commonmarker version [`0.23.9`](https://rubygems.org/gems/commonmarker/versions/0.23.9).

GHSA-w4m3-43gp-x8hx: .NET Remote Code Execution Vulnerability

# Microsoft Security Advisory CVE-2023-28260: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET running on Windows where a runtime DLL can be loaded from an unexpected location, resulting in remote code execution. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/250 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.4 or earlier. * Any .NET 6.0 application running on .NET 6.0.15 or earlier. ## Advisory FAQ ### <a name="how-affected"...

GHSA-pxvg-2qj5-37jq: Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

### Summary Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3. libxml2 v2.10.4 addresses the following known vulnerabilities: - [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic - [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType - Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.14.3`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements. ### Mitigation Upgrade to Nokogiri `>= 1.14.3`. Users who are unable to upgrade Nokogiri may...

GHSA-735r-hv67-g38f: vitess allows users to create keyspaces that can deny access to already existing keyspaces

### Impact Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). ### Patches v16.0.1 (corresponding to 0.16.1 on pkg.go.dev) ### Workarounds Delete the offending keyspace using a CLI client (vtctldclient) ``` vtctldclient --server ... DeleteKeyspace a/b ``` Found during a security audit sponsored by the [CNCF](https://cncf.io) and facilitated by [OSTIF](https://ostif.org).

GHSA-7hj9-rv74-5g92: Traefik HTTP header parsing could cause a denial of service

### Impact There is a vulnerability in [Go when parsing the HTTP headers](https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ), which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. ### References - [CVE-2023-24534](https://www.cve.org/CVERecord?id=CVE-2023-24534) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.9.10 - https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).

GHSA-x2xw-hw8g-6773: govuk_tech_docs vulnerable to unescaped HTML on search results page

### Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to exploit it, an attacker would need to find a way of committing malicious code to a page indexed by a site that uses tech-docs-gem (which are typically not editable by untrusted users). Their code would also be limited by the relatively short length that's rendered in the corresponding search result. Nevertheless, the XSS would then be triggerable by visiting a pre-constructed URL (/search/index.html?q=some+search+term), which users could be tricked into clicking on through social engineering. ### Patches This has been fixed in v3.3.1. HTML is now sanitised in search results.

GHSA-f8vr-r385-rh5r: hyper and h2 vulnerable to denial of service

Hyper is an HTTP library for Rust and h2 is an HTTP 2.0 client & server implementation for Rust. An issue was discovered in hyper v0.13.7 and h2 v0.2.4 when proessing header frames. Both packages incorrectly process the HTTP2 `RST_STREAM` frames by not always releasing the memory immediately upon receiving the reset frame, leading to stream stacking. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS). As of time of publication of this advisory, there is no evidence of a fix having been incorporated into hyper or h2.

GHSA-65v8-6pvw-jwvq: Answer vulnerable to Insertion of Sensitive Information Into Sent Data

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc.