Red Hat Security Advisory 2024-3423-03 - An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3423.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: glibc security updateAdvisory ID:        RHSA-2024:3423-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3423Issue date:         2024-05-28Revision:           03CVE Names:          CVE-2024-2961====================================================================Summary: An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.Security Fix(es):* glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT(CVE-2024-2961)* glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599)* glibc: null pointer dereferences after failed netgroup cache insertion(CVE-2024-33600)* glibc: netgroup cache may terminate daemon on memory allocation failure(CVE-2024-33601)* glibc: netgroup cache assumes NSS callback uses in-buffer strings(CVE-2024-33602)For more details about the security issue(s), including the impact,             a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2961References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2273404https://bugzilla.redhat.com/show_bug.cgi?id=2277202https://bugzilla.redhat.com/show_bug.cgi?id=2277204https://bugzilla.redhat.com/show_bug.cgi?id=2277205https://bugzilla.redhat.com/show_bug.cgi?id=2277206

Red Hat Security Advisory 2024-3423-03

Red Hat Security Advisory 2024-3422-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3422.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: linux-firmware security update  
Advisory ID:        RHSA-2024:3422-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3422  
Issue date:         2024-05-28  
Revision:           03  
CVE Names:          CVE-2022-27635  
====================================================================

Summary: 

An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* linux-firmware: hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635)

* linux-firmware: hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-40964)

* linux-firmware: hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-27635

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2238960  
https://bugzilla.redhat.com/show_bug.cgi?id=2238961  
https://bugzilla.redhat.com/show_bug.cgi?id=2238962

Red Hat Security Advisory 2024-3422-03

Red Hat Security Advisory 2024-3421-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3421.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2024:3421-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3421  
Issue date:         2024-05-28  
Revision:           03  
CVE Names:          CVE-2023-4244  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

* CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743)

* kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)

* kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

Bug Fix(es):

* kdump 2nd kernel panic in call trace tick_handle_periodic (JIRA:RHEL-32889)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-4244

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2235306  
https://bugzilla.redhat.com/show_bug.cgi?id=2250843  
https://bugzilla.redhat.com/show_bug.cgi?id=2255139  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126  
https://bugzilla.redhat.com/show_bug.cgi?id=2265645  
https://bugzilla.redhat.com/show_bug.cgi?id=2270836  
https://bugzilla.redhat.com/show_bug.cgi?id=2272041

Red Hat Security Advisory 2024-3421-03

Red Hat Security Advisory 2024-3418-03 - An update for rust is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3418.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rust security updateAdvisory ID:        RHSA-2024:3418-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3418Issue date:         2024-05-28Revision:           03CVE Names:          CVE-2023-38497====================================================================Summary: An update for rust is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Rust Toolset provides the Rust programming language compiler rustc, the cargobuild tool and dependency manager, and required libraries.Security Fix(es):* rust-cargo: cargo does not respect the umask when extracting dependencies(CVE-2023-38497)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-38497References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2228038

Red Hat Security Advisory 2024-3418-03

Red Hat Security Advisory 2024-3417-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3417.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: mod_http2 security updateAdvisory ID:        RHSA-2024:3417-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3417Issue date:         2024-05-28Revision:           03CVE Names:          CVE-2024-27316====================================================================Summary: An update for mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.Security Fix(es):* httpd: CONTINUATION frames DoS (CVE-2024-27316,VU#421644.4)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27316References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268277

Red Hat Security Advisory 2024-3417-03

Red Hat Security Advisory 2024-3414-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3414.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:3414-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3414  
Issue date:         2024-05-28  
Revision:           03  
CVE Names:          CVE-2023-4244  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

* kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)

* kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817) 

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.0.z Batch 17 (JIRA:RHEL-32673)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-4244

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2235306  
https://bugzilla.redhat.com/show_bug.cgi?id=2250843  
https://bugzilla.redhat.com/show_bug.cgi?id=2255139  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126  
https://bugzilla.redhat.com/show_bug.cgi?id=2265645  
https://bugzilla.redhat.com/show_bug.cgi?id=2272041

Red Hat Security Advisory 2024-3414-03

Eclipse ThreadX versions prior to 6.4.0 suffers from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under allocations, heap buffer overflows, and more.

Eclipse ThreadX Buffer Overflows

Ubuntu Security Notice 6793-1 - It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. It was discovered that Git incorrectly handled certain cloned repositories. An attacker could possibly use this issue to execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6793-1  
May 28, 2024

git vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Git.

Software Description:  
- git: fast, scalable, distributed revision control system

Details:

It was discovered that Git incorrectly handled certain submodules.  
An attacker could possibly use this issue to execute arbitrary code.  
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.  
(CVE-2024-32002)

It was discovered that Git incorrectly handled certain cloned repositories.  
An attacker could possibly use this issue to execute arbitrary code.  
(CVE-2024-32004)

It was discovered that Git incorrectly handled local clones with hardlinked  
files/directories. An attacker could possibly use this issue to place a  
specialized repository on their target's local system. (CVE-2024-32020)

It was discovered that Git incorrectly handled certain symlinks. An attacker  
could possibly use this issue to impact availability and integrity  
creating hardlinked arbitrary files into users repository's objects/directory.  
(CVE-2024-32021)

It was discovered that Git incorrectly handled certain cloned repositories.  
An attacker could possibly use this issue to execute arbitrary code.  
(CVE-2024-32465)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  git                             1:2.43.0-1ubuntu7.1

Ubuntu 23.10  
  git                             1:2.40.1-1ubuntu1.1

Ubuntu 22.04 LTS  
  git                             1:2.34.1-1ubuntu1.11

Ubuntu 20.04 LTS  
  git                             1:2.25.1-1ubuntu3.12

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6793-1  
  CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021,  
  CVE-2024-32465

Package Information:  
  https://launchpad.net/ubuntu/+source/git/1:2.43.0-1ubuntu7.1  
  https://launchpad.net/ubuntu/+source/git/1:2.40.1-1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.11  
  https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.12

Ubuntu Security Notice USN-6793-1

Ubuntu Security Notice 6791-1 - It was discovered that Unbound could take part in a denial of service amplification attack known as DNSBomb. This update introduces certain resource limits to make the impact from Unbound significantly lower.

==========================================================================  
Ubuntu Security Notice USN-6791-1  
May 28, 2024

unbound vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Unbound could be made to take part in a denial of service attack.

Software Description:  
- unbound: validating, recursive, caching DNS resolver

Details:

It was discovered that Unbound could take part in a denial of service  
amplification attack known as DNSBomb. This update introduces certain  
resource limits to make the impact from Unbound significantly lower.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   libunbound8                     1.19.2-1ubuntu3.1  
   unbound                         1.19.2-1ubuntu3.1

Ubuntu 23.10  
   libunbound8                     1.17.1-2ubuntu0.2  
   unbound                         1.17.1-2ubuntu0.2

Ubuntu 22.04 LTS  
   libunbound8                     1.13.1-1ubuntu5.5  
   unbound                         1.13.1-1ubuntu5.5

Ubuntu 20.04 LTS  
   libunbound8                     1.9.4-2ubuntu1.6  
   unbound                         1.9.4-2ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6791-1  
   CVE-2024-33655

Package Information:  
   https://launchpad.net/ubuntu/+source/unbound/1.19.2-1ubuntu3.1  
   https://launchpad.net/ubuntu/+source/unbound/1.17.1-2ubuntu0.2  
   https://launchpad.net/ubuntu/+source/unbound/1.13.1-1ubuntu5.5  
   https://launchpad.net/ubuntu/+source/unbound/1.9.4-2ubuntu1.6

Ubuntu Security Notice USN-6791-1

HAWKI version 1.0.0-beta.1 before commit 146967f suffers from cross site scripting, arbitrary file overwrite, and session fixation vulnerabilities.

  SEC Consult Vulnerability Lab Security Advisory < 20240527-0 >  
=======================================================================  
               title: Multiple vulnerabilities  
             product: HAWKI (Interaction Design Team at the University of Applied  
                      Sciences and Arts in Hildesheim/Germany)  
  vulnerable version: 1.0.0-beta.1, versions before commit 146967f  
       fixed version: Github commit 146967f  
          CVE number: CVE-2024-25975, CVE-2024-25976, CVE-2024-25977  
              impact: high  
            homepage: https://github.com/HAWK-Digital-Environments/HAWKI  
               found: 2024-03-05  
                  by: Florian Stuhlmann (Office Bochum)  
                      Thorger Jansen (Office Bochum)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Eviden business  
                      Europe | Asia

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"HAWKI is a didactic interface for universities based on the OpenAI API.  
It is not necessary for users to create an account, the university ID  
is sufficient for login - no user-related data is stored."

Source: https://github.com/HAWK-Digital-Environments/HAWKI

Business recommendation:  
------------------------  
The vendor provides a patch which should be installed immediately.

SEC Consult highly recommends to perform a thorough security review of the  
product conducted by security professionals to identify and resolve potential  
further security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Arbitrary File Overwrite (CVE-2024-25975)  
The application implements an up- and downvote function which alters a  
value within a JSON file. The POST parameters are not filtered properly  
and therefore an arbitrary file can be overwritten. The file can be  
controlled by an authenticated attacker, the content cannot be controlled.  
It is possible to overwrite all files for which the webserver has write access.  
It is required to supply a relative path (path traversal).

2) Reflected Cross-Site-Scripting (CVE-2024-25976)  
When LDAP authentication is activated in the configuration it is possible  
to obtain reflected XSS execution by creating a custom URL that the  
victim only needs to open in order to execute arbitrary JavaScript code in  
the victim's browser.

3) Session Fixation (CVE-2024-25977)  
The application does not change the session token when using the login or  
logout functionality. An attacker can set a session token in the victim's  
browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect  
to the login page). This results in the victim's account being taken over.

Proof of concept:  
-----------------  
1) Arbitrary File Overwrite (CVE-2024-25975)  
The following POST request can overwrite the file "AvatarFinanzen.png". This  
file is a default file located within the "img" folder.

---  
POST /downvote.php HTTP/2  
Host: $host  
Cookie: PHPSESSID=<Session Id>  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 25

../img/AvatarFinanzen.png  
---

Both upvote.php and downvote.php are vulnerable. The vulnerable part in  
downvote.php is:

---  
[...]  
  $id = file_get_contents("php://input");  
  $sanitizedId = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');  
  $file = "feedback/" . $sanitizedId;  
[...]  
  file_put_contents("feedback/$sanitizedId", json_encode($json));  
[...]  
---

2) Reflected Cross-Site-Scripting (XSS) (CVE-2024-25976)  
A call to the following URL will trigger an alertbox:

---  
https://$host/HAWKI/login.php/"><script>alert(document.cookie)</script>  
---

This is due to a fault in the file login.php where the content of  
"$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence  
the attacker does not need a valid account in order to exploit this issue  
The following code is vulnerable:

---  
[...]  
  $server = $_SERVER['PHP_SELF'];  
[...]  
  echo '<form action = "' . $server . '" class="column" method = "post" >  
[...]  
---

The vulnerability is exploitable with the Apache2 default configuration.  
For other webservers, the vulnerability might not be exploitable.

3) Session Fixation (CVE-2024-25977)  
The attacker changes the value of PHPSESSID within the victim's browser to  
something like "abc". An attacker with the same value for PHPSESSID is now  
authenticated as well after the victim uses successfully logs in.

Vulnerable / tested versions:  
-----------------------------  
The following version has been tested which was the latest version available  
at the time of the test:  
* 1.0.0-beta.1

Vendor contact timeline:  
------------------------  
2024-03-21: Contacting vendor through email referenced on Github  
2024-03-22: Asking about email encryption, sending report unencrypted  
             as requested.  
2024-04-17: Asked the vendor again to receive details regarding the timeline.  
2024-04-18: Vendor provides a patch pushed to the public repository.  
2024-05: Fix verification phase.  
2024-05-27: Release of security advisory.

Solution:  
---------  
The vendor provides a patch which can be downloaded from  
https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1

Workaround:  
-----------  
No workaround available.

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab  
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: https://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF Florian Stuhlmann & Thorger Jansen / @2024