#auth

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.

Auto-color: New Linux backdoor malware targeting the US and Asia. Learn about its advanced evasion, persistence, and detection…

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0.

### Impact A vulnerability in Rancher has been discovered, leading to a local user impersonation through SAML Authentication on first login. The issue occurs when a SAML authentication provider (AP) is configured (e.g. Keycloak). A newly created AP user can impersonate any user on Rancher by manipulating cookie values during their initial login to Rancher. This vulnerability could also be exploited if a Rancher user (present on the AP) is removed, either manually or automatically via the [User Retention feature](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-user-retention) with delete-inactive-user-after. More precisely, Rancher validates only a subset of input from the SAML assertion request; however, it trusts and uses values that are not properly validated. An attacker could then configure the saml_Rancher_UserID cookie and the saml_Rancher_Action cookie so that the user principal from the AP will be added to the user specified by the attacker (...

### Impact An unauthenticated stack overflow crash, leading to a denial of service (DoS), was identified in Rancher’s `/v3-public/authproviders` public API endpoint. A malicious user could submit data to the API which would cause the Rancher server to crash, but no malicious or incorrect data would actually be written in the API. The downstream clusters, i.e., the clusters managed by Rancher, are not affected by this issue. This vulnerability affects those using external authentication providers as well as Rancher’s local authentication. ### Patches The patch includes the removal of unnecessary HTTP methods of the specific API. Patched versions include releases `v2.8.13`, `v2.9.7` and `v2.10.3`. ### Workarounds There are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of Rancher Manager that contains the fix. ### References If you have any questions or comments about this advisory: - Reach out to the [SUSE Rancher Security team](h...

### Impact A vulnerability has been identified within Rancher where it is possible for an unauthenticated user to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This effectively prevents users from logging in via the CLI when using rancher token as the execution command (instead of the token directly being in the kubeconfig). Note that this token is not the kubeconfig token and if an attacker is able to intercept it they can't use it to impersonate a real user since it is encrypted. This happens because for SAML-based authentication providers, the login flow from the CLI works by generating a link to be pasted in the browser, and then polling every 10 seconds for the `/v3-public/authTokens/<token name>` endpoint. The `<token name>` is randomly generated by the CLI. Once the login flow succeeds, Rancher creates an auth token (with an encrypted token value). The CLI then deletes the authToken. Rancher deployments using only the loc...

FortiGuard Labs discovers Winos 4.0 malware targeting Taiwan via phishing. Learn how this advanced threat steals data and…

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9.

While countries and companies are fighting over access to encrypted files and chats, our data privacy may get crushed.

Angry Likho APT resurfaces, targeting Russian and Belarusian organizations with Lumma Stealer malware via phishing attacks, stealing credentials, banking data, and more.