ghsa

### Impact This vulnerability impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify an server's install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). ### Patches This vulnerability has been resolved in version `v1.11.6` of Wings, and has been back-ported to the 1.7 release series in `v1.7.5`. Anyone running `v1.11.x` should upgrade to `v1.11.6` and anyone running `v1.7.x` should upgrade to `v1.7.5`. ### Workarounds Running Wings with a rootless container runtime may mitigate the severity of any attacks, however the majority of users are using container runtimes that run as root as per our documentation. SELinux may prevent attackers from performing certain operations against the host system, however privileged containers have a lot of freedom even on systems...

### Impact Users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. ### Patches v16.0.2, corresponding to [0.16.2 on pkg.go.dev](https://pkg.go.dev/vitess.io/[email protected]) ### Workarounds - Always use `vtctldclient` to create shards, instead of using VTAdmin - Disable creating shards from VTAdmin using RBAC - Delete the topology record for the offending shard using the client for your topology server. For example, if you created a shard called `a/b` in keyspace `commerce`, and you are running etcd, it can be deleted by doing something like ``` % etcdctl --endpoints "http://${ETCD_SERVER}" del /vitess/global/keyspaces/commerce/shards/a/b/Shard ``` ### Referenc...

### Impact Business Logic Errors in the Conditions tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. ### Patches Update to version 3.3.9 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch ### Workarounds Apply https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch manually. ### References https://huntr.dev/bounties/cecd7800-a996-4f3a-8689-e1c2a1e0248a/

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform prior to v2.0.0 allows attackers to read arbitrary files on the server via the path parameter.

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7.patch ### Workarounds Apply patches manually: https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7.patch ### References https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6/

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patches manually https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f.patch ### Workarounds Apply patches manually: https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f.patch ### References https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a/

### Impact This security advisory is about the user settings, which include things like preferred time zone and number of items per page in item listings. These could be accessed by the anonymous user. This impacted only the anonymous users themselves, and had no impact on logged in users. As such the impact is limited, even if custom user settings have been added, but please consider if this matters for your site. The fix ensures that only logged in users can access their user settings. ### References https://developers.ibexa.co/security-advisories/ibexa-sa-2023-002-user-settings-are-accessible-on-the-front-end-for-the-anonymous-user

The n8n package prior to version 0.216.1 for Node.js allows Directory Traversal.

The n8n package prior to 0.216.1 for Node.js allows Escalation of Privileges.

The n8n package prior to 0.216.1 for Node.js allows Information Disclosure.