Source
ghsa
## Impact Under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. Only IPv6 traffic is impacted by this vulnerability. This issue only manifests when: * Cilium is routing IPv6 traffic, and * Kube-proxy is used for service handling, and * NodePorts are used to route traffic to pods. IPv6 is disabled by default. Cilium's kube-proxy replacement feature is not affected by this vulnerability. ## Patches The problem has been fixed and is available on versions >=1.11.15, >=1.12.8, >=1.13.1 ## Workarounds Disable IPv6 routing (IPv6 is disabled by default). ## Acknowledgements The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to Yusuke Suzuki for both highlighting and fixing the issu...
### Impact An attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. ### Patches The issue has been fixed and is available on versions >=1.11.15, >=1.12.8, >=1.13.1. ### Workarounds [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible. ### References * [PR containing resolution](https://github.com/cilium/cilium/pull/24075) ### Acknowledgements The Cilium community has worked together with members of Isovalent and Form3 to prepare these mitigations. Special thanks to Anastasios Kou...
### Impact The quoting is not done properly in UUID DAO model, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. ### Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch ### Workarounds Apply https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch manually. ### References #14633
### Impact An attacker can use XSS to send a malicious script to an unsuspecting user. ### Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14669.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14669.patch manually. ### References https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a
Impact Give that CORS configuration was not correct, an attacker could use [play-with-docker.com](http://play-with-docker.com/) as an example, set origin header in http request as [evil-play-with-docker.com](http://evil-play-with-docker.com/), it will be echo in response header, which successfully bypass the CORS policy and retrieves basic user information. Patches It has been fixed in lastest version, Please upgrade to latest version Workarounds No, users have to upgrade version.
**Synopsis:** Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 (inclusive) and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. # 1. Impacted Products Streamilt Open Source versions between 0.63.0 and 0.80.0. # 2. Introduction On April 21, 2021, Streamlit merged a patch that fixed a cross-site scripting (XSS) vulnerability in the Streamlit open source library, without an associated public advisory. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 (inclusive), which are no longer supported. We recommend using the latest version of our library, but so long as you are not using an affected Streamlit version, no action is required. # 3. Cross Site Scripting Vulnerability ## 3.1 Description On April 20, 2021, Streamlit was informed via our support forum about a XSS vulnerability in the open ...
### Summary Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. ### Details Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $e<0$, $e=1$, or $e \geq p-1$ from a misbehaving peer annd successfully performs key exchange. This is a violation of [RFC 4253, section 8](https://www.rfc-editor.org/rfc/rfc4253#section-8) and [RFC 8268, section 4](https://www.rfc-editor.org/rfc/rfc8268#section-4), which state that: >DH Public Key values MUST be checked and both conditions: > > - $1 < e < p-1$ > - $1 < f < p-1$ > > MUST be true. Values not within these bounds MUST NOT be sent or > accepted by either side. If either one of these conditions is > violated, then the key exchange fails. For example, a DH client public key $e=1$ would mean that the shared secret that the server calculates is always $K = e^y \mod{p} = 1^y \mod{p} = 1$. In other cases, an insecure order-2 subgroup...
Improper Authorization in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14606.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14606.patch manually. ### References https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/