Source
ghsa
### Impact An attacker can use XSS to send a malicious script to any user through Image/Video thumbnail config ### Patches Update to version 10.5.18 or apply this patch manually https://github.com/pimcore/pimcore/pull/14472.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14472.patch manually. ### References https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39/
### Impact An attacker can use XSS to send a malicious script to any user through Document Page Link Editable -> Advanced -> Attributes ### Patches Update to version 10.5.18 or apply this patch manually https://github.com/pimcore/pimcore/pull/14500.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14500.patch manually. ### References https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17/
Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this. From the fix commit notes: Unlike the rest of nistec, the P-256 assembly doesn't use complete addition formulas, meaning that p256PointAdd[Affine]Asm won't return the correct value if the two inputs are equal. This was (undocumentedly) ignored in the scalar multiplication loops because as long as the input point is not the identity and the scalar is lower than the order of the group, the addition inputs can't be the same. As part of the math/big rewrite, we went however from always reducing the scalar to only checking its length, under the incorrect assumption that the scalar multiplication loop didn't require reduction.
### Description On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. ### Impact An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. later, an another user needs to edit the same Text panel, and click on "Markdown" or "HTML" for the code to be executed. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. ### Impacted versions Grafana versions 9.2.x. and 9.3.x ### Solutions and mitigations Up...
### Description teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. ### Impact An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. ### Patches Version [v0.2.0](https://github.com/kitabisa/teler-waf/releases/tag/v0.2.0) includes a patch for this vulnerability. ### Workarounds We adv...
### Description teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. ### Impact An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. ### Patches Version [v0.1.1](https://github.com/kitabisa/teler-waf/releases/tag/v0.1.1) includes a patc...
### Impact An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. ### Patches Patched in juju 2.9.38 and juju 3.0.3 [juju/juju#ef803e2](https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556) ### Workarounds Limit read access to the controller model to only trusted users.
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.
### Overview Lemur was using insecure random generation for its example configuration file, as well as for some utilities. ### Impact The potentially affected generated items include: | Configuration item | Config option name (if applicable) | Documentation link (if applicable) | Rotation option | Code reference(s) | | ----------- | ----------- | ----------- | ----------- |----------- | | Flask session secret | `SECRET_KEY` | [Flask documentation](https://flask.palletsprojects.com/en/2.2.x/config/#SECRET_KEY) | Generate a new secret and place in config; all existing sessions will be invalidated | N/A, internal to Flask | | Lemur token secret | `LEMUR_TOKEN_SECRET` | [Lemur's configuration documentation](https://lemur.readthedocs.io/en/latest/administration.html#configuration) | Generate a new secret and place in config; all existing JWTs will be invalidated and must be regenerated (including API keys) | [1](https://github.com/Netflix/lemur/blob/1b61194a936240103f3c232...