Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-c339-mwfc-fmr2: Openshift Hive Exposes VCenter Credentials via ClusterProvision

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.

ghsa
#vulnerability#kubernetes#auth
GHSA-xmvv-w44w-j8wx: Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

GHSA-v432-7f47-9g94: PostQuantum-Feldman-VSS'S Dependency Vulnerability in gmpy2 Leading to Interpreter Crash

## Summary PostQuantum-Feldman-VSS, in versions ≤0.7.6b0, is vulnerable due to its dependency on gmpy2, which can crash the Python interpreter if memory allocation fails. This can be exploited for denial-of-service attacks, impacting the availability of systems using the library. ## Description The vulnerability arises from gmpy2’s behavior, as noted in its documentation: > gmpy2 can crash the Python interpreter in case of memory allocation failure ([gmpy2 Overview](https://gmpy2.readthedocs.io/en/latest/overview.html)) This stems from gmpy2’s reliance on the GMP library, which terminates the program when memory allocation fails ([GMP Memory Management](https://gmplib.org/manual/Memory-Management)). An attacker can exploit this by crafting inputs that exhaust memory, causing the interpreter to crash and disrupting service for legitimate users. ## Impact - **Availability**: High impact, as the interpreter crash leads to complete denial of service. - **Confidentiality and Integrity*...

GHSA-w6fv-6gcc-x825: Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

### Impact Zincati ships a polkit rule which allows the `zincati` system user to use the following actions: - `org.projectatomic.rpmostree1.deploy`: used to deploy updates to the system - `org.projectatomic.rpmostree1.finalize-deployment`: used to reboot the system into the deployed update Since Zincati [v0.0.24](https://github.com/coreos/zincati/releases/tag/v0.0.24), this polkit rule contains a logic error which broadens access of those polkit actions to any unprivileged user rather than just the `zincati` system user. In practice, this means that any unprivileged user with access to the system D-Bus socket is able to deploy older Fedora CoreOS versions (which may have other known vulnerabilities). Note that rpm-ostree enforces that the selected version must be from the same branch the system is currently on so this cannot directly be used to deploy an attacker-controlled update payload. This primarily impacts users running untrusted workloads with access to the system D-Bus sock...

GHSA-89xp-c3mq-qj84: gurk (aka gurk-rs) mishandles ANSI escape sequences

gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.

GHSA-pwf9-q62p-v7wc: Wire has Uncontrolled Recursion on Nested Groups

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.

GHSA-jrqj-6vq2-7r63: onos-lib-go allows an index out-of-range panic

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.

GHSA-mrrh-fwg8-r2c3: tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.

tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were not originally affected, but were modified by a threat actor to point at commit 0e58ed8, which contains the malicious updateFeatures code.)

GHSA-6m2c-76ff-6vrf: Qiskit allows arbitrary code execution decoding QPY format versions < 13

### Impact A maliciously crafted QPY file containing can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats < 13. A python process calling Qiskit's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload. ### Patches Fixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2

GHSA-r8gc-qc2c-c7vh: Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

**Description:** The `secure_redundant_execution` function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between redundant executions 2. The constant-time comparison implementation in Python is subject to timing variations 3. The randomized execution order and timing provide insufficient protection against sophisticated fault attacks 4. The error handling may leak timing information about partial execution results These limitations make the protection ineffective against targeted fault injection attacks, especially from attackers with physical access to the hardware. **Impact:** A successful fault injection attack could allow an attacker to: 1. Bypass the redundancy check mechanisms 2. Extract secret polynomial coefficients during share generation or verification 3. Force the acceptance of inva...