#auth

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CPC80 Central Processing/Communication, CPCI85 Central Processing/Communication, OPUPI0 AMQP/MQTT, SICORE Base system Vulnerabilities: Improper Null Termination, Command Injection, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process, allow an authenticated privileged remote attacker to execute arbitrary code with root privileges, or lead to a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The fo...

Phishers are using new authentication-in-the-middle techniques to dupe victims into providing their login and MFA credentials.

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An authenticated attacker would be able to delete targeted files on a system which could result in them gaining SYSTEM privileges.

Automation can help increase efficiency, save time and improve consistency, which is why Red Hat Enterprise Linux (RHEL) includes features that help automate many tasks. RHEL system roles are a collection of Ansible content that helps provide more consistent workflows and streamline the execution of many manual tasks.Fapolicyd is a security-focused feature that can control which applications may be executed in a RHEL environment, as well as verify the integrity of applications prior to execution. This functionality helps prevent untrusted applications from being executed on a RHEL system. For

Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and remediated: - PRODSECBUG-1589: Stops Brute Force Requests via basic RSS authentication - MAG-23: M1 Credit Card Storage Capability - PRODSECBUG-2149: Authenticated RCE using customer import - PRODSECBUG-2159: API Based RCE Vulnerability - PRODSECBUG-2156: RCE Via Unauthorized Upload - PRODSECBUG-2155: Authenticated RCE using dataflow - PRODSECBUG-2053: Prevents XSS in Newsletter Template - PRODSECBUG-2142: XSS in CMS Preview - PRODSECBUG-1860: Admin Account XSS Attack Cessation via Filename - PRODSECBUG-2119: EE Patch to include names in templates - PRODSECBUG-2129: XSS in Google Analytics Vulnerability - PRODSECBUG-2019: Merchant Wishlist Security Strengthening - PRODSECBUG-2104: Send to a Frie...

Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: - APPSEC-2001: Authenticated Remote Code Execution (RCE) using custom layout XML - APPSEC-2015: Authenticated Remote Code Execution (RCE) through the Create New Order feature (Commerce only) - APPSEC-2042: PHP Object Injection and RCE in the Magento admin panel (Commerce Target Rule module) - APPSEC-2029: PHP Object Injection and Remote Code Execution (RCE) in the Admin panel (Commerce) - APPSEC-2007: Authenticated SQL Injection when saving a category - APPSEC-2027: CSRF is possible against Web sites, Stores, and Store Views - APPSEC-1882: The cron.php file can leak database credentials - APPSEC-2006: Stored cross-site scripting (XSS) through the Enterprise Logging extension - APPSEC-2005: Pers...

laravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhancing the security of the OAuth flow.

laravel/socialite versions prior to 2.0.10 are susceptible to a security vulnerability related to state guessing during OAuth authentication. This vulnerability could potentially lead to session hijacking, allowing attackers to compromise user sessions. The issue has been addressed and fixed in version 2.0.10.