Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Red Hat Security Advisory 2024-9485-03

Red Hat Security Advisory 2024-9485-03 - Control plane Operators for RHOSO 18.0.3. Issues addressed include a memory exhaustion vulnerability.

Packet Storm
#vulnerability#red_hat#js#auth#ssl
Red Hat Security Advisory 2024-9474-03

Red Hat Security Advisory 2024-9474-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-9458-03

Red Hat Security Advisory 2024-9458-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-9457-03

Red Hat Security Advisory 2024-9457-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote shell upload vulnerability.

GHSA-xhg6-9j5j-w4vf: DotNetZip Directory Traversal vulnerability

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-g8r3-2v89-j6r5: Moodle IDOR when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

How CISOs Can Lead the Responsible AI Charge

CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.

GHSA-f3cw-hg6r-chfv: Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI

### Summary Missing `normalizePath` in the function `FileHelper::absolutePath` could lead to Remote Code Execution on the server via twig SSTI. `(Post-authentication, ALLOW_ADMIN_CHANGES=true)` ### Details Note: This is a sequel to [CVE-2023-40035](https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw) In [`src/helpers/FileHelper.php#L106-L137`](https://github.com/craftcms/cms/blob/5e56c6d168524ed02f0620c9bc1c9750f5b94e3b/src/helpers/FileHelper.php#L106-L137), the function `absolutePath` returned `$from . $ds . $to` without path normalization: ```php /** * Returns an absolute path based on a source location or the current working directory. * * @param string $to The target path. * @param string|null $from The source location. Defaults to the current working directory. * @param string $ds the directory separator to be used in the normalized result. Defaults to `DIRECTORY_SEPARATOR`. * @return string * @since 4.3.5 */ public static function absolutePath( ...

GHSA-jrh5-vhr9-qh7q: Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution

### Summary A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double `file://` scheme (e.g., `file://file:////`). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with [allowAdminChanges enabled](https://craftcms.com/docs/5.x/reference/config/general.html#allowadminchanges). https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production ### Details The issue lies in line 57 of `cms/src/helpers/FileHelper.php`, it only removes `file://` on the most left. It is trivial to bypass this sanitization by adding 2 `file://`, e.g. `file://file:////`. ```php public static function normaliz...

Warning: Online shopping threats to avoid this Black Friday and Cyber Monday 

Where there’s a gift to be bought, there’s also a scammer out to make money. Here's how to stay safe this shopping season.