Source
ghsa
### Vulnerability type Data Exposure ### Workarounds The etcd assumes that the on disk files are secure. The possible fixes have been provided, however, it is the responsibility of the etcd users to make sure that the etcd server WAL log files are secure. The [etcd doesn't encrypt key/value data stored on disk drives]( https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md#does-etcd-encrypt-data-stored-on-disk-drives). ### Detail User credentials (login and password) are stored in WAL entries on each user authentication. If the WAL log files are not secure, it can potentially expose sensitive information. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md...
### Vulnerability type Access Control ### Workarounds The etcdctl and etcd API do not enforce a specific password length during user creation or user password update operations. [It is the responsibility of the administrator to enforce these requirements](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/authentication.md#notes-on-password-strength). ### Detail etcd does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users’ passwords with little computational effort. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committ...
### Vulnerability type Authentication ### Workarounds Refer to the [gateway documentation](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md). The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. ### Detail The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates the detected endpoints once. Therefore, if an endpoint changes its authentication settings, the gateway will continue to assume the endpoint is still authenticated. The auditors has noted that appropriate documentation of this validation functionality plus deprecation of this misleading functionality is an acceptable path forward. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security commit...
### Vulnerability type Data Validation ### Detail In the ReadAll method in wal/wal.go, it is possible to have an entry index greater then the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md)
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
### Impact For applications using JWT or session-based authentication (not OIDC), users can input a login string which can cause a denial of service, as parsing it will be too complex. Here is an example: https://gist.github.com/atomfrede/311f8a9c6eb74c5c5226af0481155207 The vulnerable expression was never officially released. So only when you generated an application from the master branch between 6.8.0 and 6.9.0 your generated application may be vulnerable. ### Patches If you only used official releases you don't need to patch your application. ### Workarounds If you have created an application from the master branch, you need to adapt the `LOGIN_REGEX` in `Constants.java`. If your regex is ``` ^[a-zA-Z0-9!#$&'*+=?^_`{|}~.-]+@?[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$ ``` you need to change it too ``` ^(?>[a-zA-Z0-9!$&*+=?^_`{|}~.-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*)|(?>[_.@A-Za-z0-9-]+)$ ``` If you still have `^[_.@A-Za-z0-9-]*$` there is no need to change it, except you would...
### Impact Arbitrary additional email headers can be injected via crafted From or Sender headers. ### Patches Fixed in 2.2.1 ### Workarounds Filter user-supplied values prior to using them in From or Sender properties. ### References https://nvd.nist.gov/vuln/detail/CVE-2012-0796 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)
### Impact Setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. > **Note** > This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set `$secure = true` in `Config\Cookie`. ```php helper('cookie'); $cookie = [ 'name' => $name, 'value' => $value, ]; set_cookie($cookie); // or $this->response->setCookie($cookie); ``` ### Patches Upgrade to v4.2.7 or later. ### Workarounds 1. Specify the options explicitly. ```php helper('cookie'); $cookie = [ 'name' => $name, 'value' => $value, 'secure' => true, 'httponly' => true, ]; set_cookie($cookie); // or $this->response->setCookie($cookie); ``` 2. Use Cookie object. ```php use CodeIgniter\Cookie\Cookie; helper('cookie'); $cookie = new Cookie($name, $value); set_cookie($cookie); // or $this->response->...
### Impact The `github.com/sylabs/sif/v2/pkg/integrity` package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. ### Patches A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. ### Workarounds Users may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. ### References * [CVE-2004-2761](https://nvd.nist.gov/vuln/detail/cve-2004-2761) * [CVE-2005-4900](https://nvd.nist.gov/vuln/detail/cve-2005-4900) ### For more information If you have any questions or comments about this advisory: * Open an issue in [github.com/sylabs/sif](https://github.com/sylabs/sif/issues/new) * Email us at [[email protected]](mailto:[email protected])
### Impact Reader::read_from_container can cause an infinite loop when a crafted PNG file is given. ### Patches Version 0.5.3 includes the fix. ### Workarounds No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected. ### References * <https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2> * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21235> ### For more information If you have any questions or comments about this advisory: * Open an issue in [github.com/kamadak/exif-rs](https://github.com/kamadak/exif-rs)