#auth

Red Hat Security Advisory 2024-6886-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6882-03 - A new image is available for Red Hat Single Sign-On 7.6.11, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include a privilege escalation vulnerability.

SPIP BigUp version 4.2.15 suffers from a remote PHP code injection vulnerability.

Red Hat Security Advisory 2024-6880-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6879-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.

Taskhub version 3.0.3 suffers from an ignored default credential vulnerability.

Red Hat Security Advisory 2024-6878-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include a privilege escalation vulnerability.

Teacher Subject Allocation Management System version 1.0 suffers from a cross site scripting vulnerability.

# Security Advisory: Multiple Vulnerabilities in Navidrome ## Summary Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. ## Details ### ORM Leak When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`: ``` GET /api/user?_end=36&_order=DESC&password=AAA% ``` This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. (Also, any reason for using encryp...

### Impact Clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users trusting headers set by their proxy may be affected. Attackers may be able to downgrade connections to HTTP (non-SSL) or redirect responses, which could cause confidentiality leaks if combined with a separate MITM attack. ### Patches v6.4.3/v5.6.9 now discards any headers using underscores if the non-underscore version also exists. Effectively, allowing the proxy defined headers to always win. ### Workarounds Nginx has a [underscores_in_headers](https://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers) configuration variable to discard these headers at the proxy level. Any users that are implicitly trusting the proxy defined headers for security or availability should immediately cease doing so until upgraded to the fixed versions.