GHSA-g7j7-h4q8-8w2f: Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials

### Impact

An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token (used to provision clusters), were stored in plaintext directly on Kubernetes objects like `Clusters`, for example `cluster.management.cattle.io`. Anyone with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data.

The exposed credentials are visible in Rancher to authenticated `Cluster Owners`, `Cluster Members`, `Project Owners`, `Project Members` and `User Base` on the endpoints:

- `/v1/management.cattle.io.catalogs`
- `/v1/management.cattle.io.cluster`
- `/v1/management.cattle.io.clustertemplates`
- `/v1/management.cattle.io.notifiers`
- `/v1/project.cattle.io.sourcecodeproviderconfig`
- `/k8s/clusters/local/apis/management.cattle.io/v3/catalogs`
- `/k8s/clusters/local/apis/management.cattle.io/v3/clusters`
- `/k8s/clusters/local/apis/management.catt...

GHSA-w9mf-83w3-fv49: Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles

A Stored XSS vulnerability was reported on the Keycloak Security mailing list, affecting all versions of Keycloak, including version 19.0.1. The vulnerability allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality. Version 19.0.2 contains a patch for this issue.

### Credits

Aytaç Kalıncı, Ilker Bulgurcu, Yasin Yılmaz (@aytackalinci, @smileronin, @yasinyilmaz) - NETAŞ PENTEST TEAM

GHSA-wf7g-7h6h-678v: Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console

An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the `UPLOAD_SCRIPTS` feature is disabled.

GHSA-28q9-9c3g-v3f9: lakeFS vulnerable to authenticated users deleting files they are not authorized to delete

### Impact

Authenticated users can send a delete-objects request through the S3 gateway and delete files they are not authorized to delete.

### Patches

lakeFS v0.82.0 and later.

### Workarounds

Drop any request to the lakeFS listen port whose "Authorization" header value starts with "AWS".

### References

[advisories/GHSA-28q9-9c3g-v3f9](https://github.com/treeverse/lakeFS/security/advisories/GHSA-28q9-9c3g-v3f9)

### For more information

If you have any questions or comments about this advisory:

- Ask on the [lakeFS Slack](https://github.com/treeverse/lakeFS/security/advisories/lakefs.io/slack) #help channel
- Email us at [[email protected]](mailto:[email protected])

GHSA-jq8c-j47c-vvwm: Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-7cgv-v83v-rr87: HashiCorp Vault vulnerable to incorrect metadata access

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.

GHSA-83qx-288m-72w4: Liferay Portal Missing Authorization vulnerability

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

GHSA-53jm-3hc9-fqqc: Apache Batik vulnerable to Server-Side Request Forgery

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

GHSA-h4qg-p7r2-cpg3: Apache Batik vulnerable to Server-Side Request Forgery

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

GHSA-c5xv-qc8p-mh2v: Apache Batik Server-Side Request Forgery

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14.