Security Headlines: Latest CVEs

GHSA-c9hw-557q-f8hq: Pimcore vulnerable to SQL Injection in Dataobjects sorting

### Impact

Using SQL exploitation tools such as sqlmap, an attacker can enumerate all information in the database, alter data or perform DoS against the backend database.

### Patches

Update to version 10.6.5 or apply this patch manually: https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97.patch manually.

### References

https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db/

GHSA-87f6-8gr7-pc6h: KubePi may leak password hash of any user

### Summary

http://kube.pi/kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leaks the password of any user (including admin). This can lead to password-cracking attacks.

### PoC

https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview

### Impact

- Leaking confidential information.
- Can lead to password-cracking attacks.

GHSA-757p-vx43-fp9r: KubePi Privilege Escalation vulnerability

### Summary

A normal user has permission to create/update users, so they can become admin by editing the `isadmin` value in the request.

### PoC

Change the value of the `isadmin` field in the request to true: https://drive.google.com/file/d/1e8XJbIFIDXaFiL-dqn0a0b6u7o3CwqSG/preview

### Impact

Elevate user privileges.

GHSA-59m6-82qm-vqgj: Dapr API token authentication bypass in HTTP endpoints

### Summary

A vulnerability has been found in Dapr that allows bypassing [API token authentication](https://docs.dapr.io/operations/security/api-token/), which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or 1.11.2.

### Impact

This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing.

### Patches

The issue has been fixed in Dapr 1.10.9 and 1.11.2.

### Details

When API token authentication is enabled, Dapr requires all calls from applications to include the `dapr-api-token` header, with a value matching what is included in Dapr's configuration. In order to allow healthchecks to work, the `/v1.0/healthz` and `/v1.0/healthz/outbound` HTTP...

GHSA-vmpv-qjhq-r463: Pimcore Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.

GHSA-78q2-cv3p-x9fm: Pimcore Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.

GHSA-p4ww-j4pr-qw6q: RuoYi vulnerable to Cross-site Scripting

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function `uploadFilesPath` of the component `File Upload`. The manipulation of the argument `originalFilenames` leads to cross-site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.

GHSA-9r25-4j77-9wc7: Cockpit CMS vulnerable to incorrect access control

Incorrect access control in the component `/models/Content` of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data.

GHSA-45g2-r339-pjwf: Cockpit CMS Cross-Site Request Forgery vulnerability

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.

GHSA-ghg2-3w9x-9599: Alkacon OpenCMS arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the component `/workplace#!explorer` of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code by uploading a crafted PNG file.