ghsa

### Impact This vulnerability impacts users of a subwiki of XWiki where Message Stream is enabled and use, if they configured their wiki to be closed by selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent in a subwiki to "everyone" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private. ### Patches This problem has not been patched and is not going to be patched in the future: Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. ### Workarounds Message Stream is disabled by default, it's advised to keep it disabled from Administration > Social > Message Stream. ### References * https://jira.xwiki.org/browse/XWIKI-17154

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool.

Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activate_ai override property to a post via the Wrangler plugin, provided both the AI and Wrangler plugins are enabled.

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if those users have not set up MFA.

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived.

## Advisory The management of JetStream assets happens with messages in the `$JS.` subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with JS management permissions in any account to perform certain administrative actions on any JS asset in any other account. At least one of the unprotected APIs allows for data destruction. None of the affected APIs allow disclosing stream contents. ### Affected versions NATS Server: * Version 2 from v2.2.0 onwards, prior to v2.11.1 or v2.10.27 ----- ## Original Report (Lightly edited to confirm some supposition and in the summary to use past tense) ### Summary nats-server did not include authorization checks on 4 separate admin-level JetStream APIs: account purge, server remove, account stream move, and account stream cancel-move. In all cases, APIs are not properly restricted t...

### Impact This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3 The [xgrammar](https://xgrammar.mlc.ai/docs/) library is the default backend used by vLLM to support structured output (a.k.a. guided decoding). Xgrammar provides a required, built-in cache for its compiled grammars stored in RAM. xgrammar is available by default through the OpenAI compatible API server with both the V0 and V1 engines. A malicious user can send a stream of very short decoding requests with unique schemas, resulting in an addition to the cache for each request. This can result in a Denial of Service by consuming all of the system's RAM. Note that even if vLLM was configured to use a different backend by default, it is still possible to choose xgrammar on a per-request basis using the `guided_decoding_backend` key of the `extra_body` field ...

### Summary An attacker with the ability to create Kyverno policies in a Kubernetes cluster can use Service Call functionality to perform SSRF to a server under their control in order to exfiltrate data. ### Details According to the documentation, Service Call is intended to address services located inside the Kubernetes cluster, but this method can also resolve external addresses, which allows making requests outside the Kubernetes cluster. https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-service-calls ### PoC Create a slightly modified Cluster Policy from the documentation. In the url we specify the address of a server controlled by the attacker, for example Burp Collaborator. ```yaml apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: check-namespaces spec: rules: - name: call-extension match: any: - resources: kinds: - ConfigMap context: - name: result apiCall: method: P...

### Summary The [AWS Cloud Development Kit (AWS CDK)](https://aws.amazon.com/cdk/) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "[constructs](https://docs.aws.amazon.com/cdk/v2/guide/constructs.html)," which are organized into a hierarchical tree structure. One of the features of this framework is the ability to call "[Aspects](https://docs.aws.amazon.com/cdk/v2/guide/aspects.html)," which are mechanisms to set configuration options for all AWS Resources in a particular part of the hierarchy at once. Aspect execution happens in a specific order, and the last Aspect to execute controls the final values in the template. AWS CDK version [2.172.0](https://github.com/aws/aws-cdk/releases/tag/v2.172.0) introduced a new priority system for Aspects. Prior to this version, CDK would run Aspects based on hierarchical lo...