Gentoo Linux Security Advisory 202305-28 - Multiple vulnerabilities have been found in snakeyaml, the worst of which could result in denial of service. Versions greater than or equal to 1.33 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: snakeyaml: Multiple Vulnerabilities  
     Date: May 21, 2023  
     Bugs: #776796, #868621  
       ID: 202305-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in snakeyaml, the worst of  
which could result in denial of service.

Background  
=========  
snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected packages  
================  
Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
dev-java/snakeyaml  < 1.33        >= 1.33

Description  
==========  
Multiple vulnerabilities have been discovered in snakeyaml. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All snakeyaml users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-java/snakeyaml-1.33"

References  
=========  
[ 1 ] CVE-2017-18640  
      https://nvd.nist.gov/vuln/detail/CVE-2017-18640  
[ 2 ] CVE-2022-38749  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38749  
[ 3 ] CVE-2022-38750  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38750  
[ 4 ] CVE-2022-38751  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38751  
[ 5 ] CVE-2022-38752  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38752

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-28

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-28

Gentoo Linux Security Advisory 202305-27 - A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure. Versions greater than or equal to 1.8.3-r3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Tinyproxy: Memory Disclosure  
     Date: May 21, 2023  
     Bugs: #871924  
       ID: 202305-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in Tinyproxy which could be used to  
achieve memory disclosure.

Background  
=========  
Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating  
systems.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
net-proxy/tinyproxy  < 1.8.3-r3    >= 1.8.3-r3

Description  
==========  
Tinyproxy's request processing does not sufficiently null-initialize  
variables used in error pages.

Impact  
=====  
Contents of the Tinyproxy server's memory could be disclosed via  
generated error pages.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Tinyproxy users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908"

References  
=========  
[ 1 ] CVE-2022-40468  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40468

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-27

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-27

Gentoo Linux Security Advisory 202305-25 - Multiple vulnerabilities have been discovered in ModSecurity Core Rule Set, the worst of which could result in bypassing the WAF. Versions greater than or equal to 3.3.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities  
     Date: May 21, 2023  
     Bugs: #822003, #872077  
       ID: 202305-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in ModSecurity Core Rule  
Set, the worst of which could result in bypassing the WAF.

Background  
=========  
Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set.

Affected packages  
================  
Package                     Vulnerable    Unaffected  
--------------------------  ------------  ------------  
www-apache/modsecurity-crs  < 3.3.4       >= 3.3.4

Description  
==========  
Multiple vulnerabilities have been discovered in OWASP ModSecurity Core  
Rule Set. Please review the CVE identifiers referenced below for  
details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All OWASP ModSecurity Core Rule Set users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-apache/modsecurity-crs-3.3.4"

References  
=========  
[ 1 ] CVE-2021-35368  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35368  
[ 2 ] CVE-2022-39955  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39955  
[ 3 ] CVE-2022-39956  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39956  
[ 4 ] CVE-2022-39957  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39957  
[ 5 ] CVE-2022-39958  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39958

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-25

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-25

Gentoo Linux Security Advisory 202305-24 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: MediaWiki: Multiple Vulnerabilities  
     Date: May 21, 2023  
     Bugs: #815376, #829302, #836430, #855965, #873385, #888041  
       ID: 202305-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in MediaWiki, the worst of  
which could result in denial of service.

Background  
=========  
MediaWiki is a collaborative editing software, used by big projects like  
Wikipedia.

Affected packages  
================  
Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
www-apps/mediawiki  < 1.25.2      >= 1.25.2

Description  
==========  
Multiple vulnerabilities have been discovered in MediaWiki. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All MediaWiki users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.38.5"

References  
=========  
[ 1 ] CVE-2021-41798  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41798  
[ 2 ] CVE-2021-41799  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41799  
[ 3 ] CVE-2021-41800  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41800  
[ 4 ] CVE-2021-44854  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44854  
[ 5 ] CVE-2021-44855  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44855  
[ 6 ] CVE-2021-44856  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44856  
[ 7 ] CVE-2021-44857  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44857  
[ 8 ] CVE-2021-44858  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44858  
[ 9 ] CVE-2021-45038  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45038  
[ 10 ] CVE-2022-28202  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28202  
[ 11 ] CVE-2022-28205  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28205  
[ 12 ] CVE-2022-28206  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28206  
[ 13 ] CVE-2022-28209  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28209  
[ 14 ] CVE-2022-31090  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31090  
[ 15 ] CVE-2022-31091  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31091  
[ 16 ] CVE-2022-34911  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34911  
[ 17 ] CVE-2022-34912  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34912  
[ 18 ] CVE-2022-41765  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41765  
[ 19 ] CVE-2022-41766  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41766  
[ 20 ] CVE-2022-41767  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41767  
[ 21 ] CVE-2022-47927  
      https://nvd.nist.gov/vuln/detail/CVE-2022-47927

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-24

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-24

Gentoo Linux Security Advisory 202305-26 - Multiple vulnerabilities have been discovered in LibreCAD, the worst of which could result in denial of service. Versions greater than or equal to 2.1.3-r7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: LibreCAD: Multiple Vulnerabilities  
     Date: May 21, 2023  
     Bugs: #825362, #832210  
       ID: 202305-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in LibreCAD, the worst of  
which could result in denial of service.

Background  
=========  
LibreCAD is a generic 2D CAD program.

Affected packages  
================  
Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
media-gfx/librecad  < 2.1.3-r7    >= 2.1.3-r7

Description  
==========  
Multiple vulnerabilities have been discovered in LibreCAD. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All LibreCAD users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/librecad-2.1.3-r7"

References  
=========  
[ 1 ] CVE-2021-21898  
      https://nvd.nist.gov/vuln/detail/CVE-2021-21898  
[ 2 ] CVE-2021-21899  
      https://nvd.nist.gov/vuln/detail/CVE-2021-21899  
[ 3 ] CVE-2021-21900  
      https://nvd.nist.gov/vuln/detail/CVE-2021-21900  
[ 4 ] CVE-2021-45341  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45341  
[ 5 ] CVE-2021-45342  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45342  
[ 6 ] CVE-2021-45343  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45343

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-26

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-26

Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5408-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
May 21, 2023                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : libwebp  
CVE ID         : CVE-2023-1999  
Debian Bug     : 1035371

Irvan Kurniawan discovered a double free in the libwebp image compression  
library which may result in denial of service.

For the stable distribution (bullseye), this problem has been fixed in  
version 0.6.1-2.1+deb11u1.

We recommend that you upgrade your libwebp packages.

For the detailed security status of libwebp please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/libwebp

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmRqXHAACgkQEMKTtsN8  
TjYWbA//X8f1KXJF3/lm3Nvrnfzn0+8fkaKFXug7itX0e9QI1UPfynJQpVHhvvYv  
0FCi6GUhzWh79agIb3vzppMR3HcgGZj4gLE6bQ5AWa0Jx9kpdeE+UuYA4y8egO4+  
wSaUg8aL71vjATO1yuANEgduLDazj05MgG1o+DwTB0kXdku/50OSOBD03GBfv0EQ  
z1CLFmSh1JlXFak9G9ggq/WUixue8SgoNGV7S3cTJ5DJb1lFg4GtlXUFOGbO62dE  
BZHMacNmiqnIVCM8DOLpWvN+miZgUeBWuV4mcfa6DOu4w6vDUz4wDINOSQb10crK  
3xbhQbCpKQKEa/uIDm89VxJfNSXCOn+TmXr1TY3r47a7TGS8a7b+9Ol4QkT/zk9s  
c/1M9/+/7dDPf/RZYoX0yNEakEDlU2kBiSj0IVSQzWWuRi/oJSdgHjvDOXRmLeT1  
BK/uvmhCoLK4iWILndfD+muMO3A326dk4luex7QMaW5LfN0ZOPOJAddLNTQiBEZ0  
ovBKnw3LLpnT15iJcW0Y+xz9YajEsVXPxKDVuUAdHgniHevOqRF3JQsfEIsCKUnR  
sSh7pVGh7PFbvmRyJsnEcZ2vPpCWqDOkofCT49xxpkiF/8tJS0EpmDialceBpJeY  
/UKMzuGWUEivzTk7QoEdjGCFewi7Qorcsv4uFvulZ5wdGFuaVtcoa8  
-----END PGP SIGNATURE-----

Debian Security Advisory 5408-1

Debian Linux Security Advisory 5407-1 - It was discovered that missing input sanitising in cups-filters, when using the Backend Error Handler (beh) backend to create an accessible network printer, may result in the execution of arbitrary commands.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5407-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoMay 21, 2023                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : cups-filtersCVE ID         : CVE-2023-24805Debian Bug     : 1036224It was discovered that missing input sanitising in cups-filters, whenusing the Backend Error Handler (beh) backend to create an accessiblenetwork printer, may result in the execution of arbitrary commands.For the stable distribution (bullseye), this problem has been fixed inversion 1.28.7-1+deb11u2.We recommend that you upgrade your cups-filters packages.For the detailed security status of cups-filters please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/cups-filtersFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRqIcNfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Q/TQ//eDHbekYkCVNTzg+F+bWhG/PboO6n5Xs2eQCrYmObK4DEXx/lUvpIh77uH5EHwMcJaYQpoaDoxJH6ETtGZ+PHsHcf9hjcg3GWhWt1tQ93UIgW3o0y/piyfTySOIsNv2lk1F7FMvfUOYS/xHxbRdNPKYcEUUqcMJT4Lmj7RS0LpOWpiisxS8BwgUYiAL9ZtyOZTx6R/TXIWkAlR/KW+5OWyRC8SnYaesr2nkTabnwfuDs2RRLj0mUNIKd5Buj2NsRoEQ1diugBM2/3XHPJaeoCgZeoh2JzZ2V84JRbSxyNVJNJJh+Ot4ONO/Y87PrXH7HQPgAyhikKyfgs0OTisHPC32Ezds8lB96eBE7yuy8Oi09vu1WtvQgm9xAd3sCNgb/PMx8ONTwxLkSfb4tElcNPcjYpMzXJmKIBr4AE8vs3SY2oGyEfeBdj8v2oM62HFxHlPvc2+9KSIh5TLWTvr0Qkpn0etwp7wO+e1M8dCswIQRyimwg6Rfduxi0+Yr9Fw+vWwh/c9JAg3SdNerGPNB7IWXCQ11+qWk3ai36wqsxMwZC81kTWeFRzaFEl5xeMWkeCpi91CZr1LM3RKj7UySMLwI/m2BLGEvz11jVZUSW3xu/2UOTD1q1vSr9gTwj2cg6u1RQDzitAqZbxe1aXxwrbnlCTxtnriBD7iqTvb0yQ20A=upCN-----END PGP SIGNATURE-----

Debian Security Advisory 5407-1

Debian Linux Security Advisory 5406-1 - Max Chernoff discovered that improperly secured shell-escape in LuaTeX may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5406-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoMay 20, 2023                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : texlive-binCVE ID         : CVE-2023-32700Max Chernoff discovered that improperly secured shell-escape in LuaTeXmay result in arbitrary shell command execution, even with shell escapedisabled, if specially crafted tex files are processed.For the stable distribution (bullseye), this problem has been fixed inversion 2020.20200327.54578-7+deb11u1.We recommend that you upgrade your texlive-bin packages.For the detailed security status of texlive-bin please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/texlive-binFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRogV1fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Q8Mw//dU+/D/UBb2JkwXlEIokR3DA2T8caFdICcRICYBEAZCGIonM2uzbUIy5DbRtAit45gOqWY+VS+Z0zuPPTzUek7m99+L3yjXg9FSW1qsWVgBQu6w+L9CBDQBf0KUbzaXgAsqQoxzul08SwQY3gQV620PuNpt20HfVM4QUR03r92QHH1pSPzA6nWzcRUYoj8rK2F0NYish95yuLrU+sRCw5LWbPpQkwDFw6L37Ml0GQJ6lIa/2jhHrUe/VRD4PU9knWeYcudegUNjt5UfbLk2DWR99zaIazBJUazBFoBiLJwx9b6UqvJHzyvdQFO9v6zRC+Ds9jIpbV0fwVRSRqaxYB23SgpJXp7gB0lVhWDFFLJ9EkI8sftsgTwEhPxfZ1xHrzdIfWjmuIHo4+HQhDUzikJNe7HYlLP6vE1LszGMJhusrbxkgjJqcqSH+JZdaw4IzfVYd9ms0Kc0Ec5N1DABOW4UoN5//gq13Ny43QW/K8wzzEKFnwe84FPEwzFe5iMfZswjXsCyn3Se/fJWcFp082TW6iOOegcJaYD/YcbzmKigJv8L8XlyLNjaEVOyXsdY6AQlXSRp7bbcMtmqoH2b3wsS5KX4mD+XJ+sJynbSW8xwMRiqOan3h0PtL87RHEiBCbeqznhdkZbs5NDVURUqT+Jy5+yUlHc5+BFqVNQ4e9LsA=3/W/-----END PGP SIGNATURE-----

Debian Security Advisory 5406-1

W3 Eden Download Manager versions 3.2.70 and below suffer from a persistent cross site scripting vulnerability via ShortCode.

    W3 Eden recently patched an Authenticated Stored Cross-Site Scripting vulnerability in Download Manager.On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the most popular download management plugins. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using the plugin’s shortcode.All Wordfence Premium, Wordfence Care, and Wordfence Response customers, as well as those still using the free version of our plugin, are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Cross-Site Scripting protection.We contacted W3 Eden on April 25, 2023, and promptly received a response. After providing full disclosure details, the developer released a patch on May 1, 2023. We would like to commend the W3 Eden development team for their prompt response and timely patch.We urge users to update their sites with the latest patched version of Download Manager, version 3.2.71 at the time of this writing, as soon as possible.READ THIS POST ON THE BLOGVulnerability Summary from Wordfence IntelligenceDescription: Download Manager <= 3.2.70 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected Plugin: Download ManagerPlugin Slug: download-managerAffected Versions: <= 3.2.70CVE ID: CVE-2023-2305CVSS Score: 6.4 (Medium)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NResearcher/s: Lana CodesFully Patched Version: 3.2.71The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpdm_members’, ‘wpdm_login_form’, ‘wpdm_reg_form’ shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Technical AnalysisDownload Manager is a plugin designed to allow WordPress users to manage, track and control file downloads. It provides a shortcode ([wpdm_members]) that lists the authors and the number of files they have added when added to a WordPress page. However, insecure implementation of the plugin’s shortcode functionality allows for the injection of arbitrary web scripts into these pages. Examining the code reveals that the members method in the User class did not adequately sanitize the user-supplied ‘sid’ input, and then loads the members.php view file, where it also did not adequately escape ‘sid’ output. This makes it possible to inject attribute-based Cross-Site Scripting payloads via the ‘sid’ attribute.[View the Code Snippets on the Blog]  There are two other shortcodes, a login form shortcode ([wpdm_login_form]) and a registration form shortcode ([wpdm_reg_form]), that add forms to a WordPress site. However, the insecure implementation of these two shortcode functions, similar to the previous example, also allows arbitrary web scripts to be inserted into these pages. Examining the code reveals that the functions of both forms do not adequately sanitize the user-supplied ‘logo’ input, and in the view files these ‘logo’ outputs are not adequately escaped.[View the Code Snippets on the Blog]  These make it possible for threat actors to carry out stored XSS attacks. Once a script is injected into a page or post, it will execute each time a user accesses the affected page. While this vulnerability does require that a trusted contributor account is compromised, or a user be able to register as a contributor, successful threat actors could steal sensitive information, manipulate site content, inject administrative users, edit files, or redirect users to malicious websites which are all severe consequences.Disclosure TimelineApril 25, 2023 – Wordfence Threat Intelligence team discovers the stored XSS vulnerability in Download Manager and initiates responsible disclosure.April 27, 2023 – We get in touch with the development team at W3 Eden and send full disclosure details.May 1, 2023 – The fully patched version, 3.2.71, is released.May 3, 2023 – The vendor notified Wordfence that they released the patch.May 3, 2023 – Wordfence confirms the fix addresses the vulnerability.ConclusionIn this blog post, we have detailed a stored XSS vulnerability within the Download Manager plugin affecting versions 3.2.70 and earlier. This vulnerability allows authenticated threat actors with contributor-level permissions or higher to inject malicious web scripts into pages that execute when a user accesses an affected page. The vulnerability has been fully addressed in version 3.2.71 of the plugin.We encourage WordPress users to verify that their sites are updated to the latest patched version of Download Manager.All Wordfence users, including those running Wordfence Premium, Wordfence Care, and Wordfence Response, as well as sites still running the free version of Wordfence, are fully protected against this vulnerability.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

W3 Eden Download Manager 3.2.70 Cross Site Scripting

In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation.

CVE-2023-33291

[Description]  
In eBankIT 6, the public endpoints /public/token/Email/generate and  
/public/token/SMS/generate allow generation of OTP messages to any email  
address or phone number without validation.  
------------------------------------------

[Additional Information]  
The cookies in the request are not needed, they can be empty.

------------------------------------------

[Vulnerability Type]  
Insecure Permissions

------------------------------------------

[Vendor of Product]  
eBankIT

------------------------------------------

[Affected Product Code Base]  
eBankIT - Version 6

------------------------------------------

[Affected Component]  
Public API Endpoint: /public/token/Email/generate  
Public API Endpoint: /public/token/SMS/generate

------------------------------------------

[Attack Type]  
Remote

------------------------------------------

 [Impact Denial of Service]  
 true

------------------------------------------  
[CVE Impact Other]  
Because these endpoints are public, and the values of the cookies are not  
required, a threat actor could potentially leverage this functionality to  
create a more realistic social engineering scenario that could potentially  
affect clients.

------------------------------------------  
[Attack Vectors]  
To exploit this vulnerability, an attacker must intercept the request to  
the api public endpoint: /public/token/Email/generate or  
/public/token/SMS/generate. The attacker can modify the parameters to  
choose which email or phone number the OTP would go to. This request can be  
used without any type of restriction.

 ------------------------------------------

 [Discoverer]  
Steeven Rodríguez

Source

Packet Storm