Tag
#auth
### Summary

Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which led to Self-XSS with `deno doc --html`.

### Details & PoC

1.) XSS in generated `search_index.js`

`deno_doc` output a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitized HTML input.

https://github.com/denoland/deno_doc/blob/dc556c848831d7ae48f3eff2ababc6e75eb6b73e/src/html/templates/pages/search.js#L120-L144

2.) XSS via property, method and enum names

`deno_doc` did not sanitize property names, method names and enum names.

### Impact

The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with one's own packages.

A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2.
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. The attacker must already have high-privilege access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration, and set up a Vault read file, which will only inform whether that file exists or not.
Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.
An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file.
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to regex complexity.
In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use `rustls::server::Acceptor::accept()` are affected. Servers that use `tokio-rustls`'s `LazyConfigAcceptor` API are affected. Servers that use `tokio-rustls`'s `TlsAcceptor` API are not affected. Servers that use `rustls-ffi`'s `rustls_acceptor_accept` API are affected.
Diversity isn't just an issue of fairness — it's about operational excellence and ensuring we have the best possible teams defending our national security.
Ubuntu Security Notice 7124-1 - Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 23 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.