Tag
#auth
cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and app/code/community/Ophirah/Qquoteadv/Helper/Data.php files, poses a significant risk of Remote Code Execution, especially when custom file options are employed on a product. Attackers exploiting this vulnerability could execute arbitrary code remotely, leading to unauthorized access and potential compromise of sensitive data.
In alterphp/easyadmin-extension-bundle, role based access rules do not handle action name case sensitivity which may lead to unauthorized access.
### Impact This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic. This vulnerability was reported by Naveen Sunkavally at Horizon3.ai. ### Patches Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff Link to patch for 3.x versions: https://github.com/mautic/mautic/compare/3.2.2...3.2.4.diff ### Workarounds None ### For more information If you have any questions or comments about this advisory: * Post in https://forum.mautic.org/c/support * Email us at [email protected]
### Summary A low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/*.yaml. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. ### Proof Of Concept `{{ read_file('/var/www/html/grav/user/accounts/riri.yaml') }}` Use the above Twig template syntax in a page and observe that the administrator riri's authentication details are exposed accessible by any unauthenticated user.  As an additional proof of concept for reading system files, observe the `/etc/passwd` file read using the following Twig syntax: `{{ read_file('/etc/passwd') }}`  when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to the Azure Blob Storage until the token expires. ### Patches This vulnerability was fixed in source-controller **v1.2.5**. ### Workarounds There is no workaround for this vulnerability except for using a different auth mechanism such as [Azure Workload Identity](https://v2-2.docs.fluxcd.io/flux/components/source/buckets/#azure). ### Credits This issue was reported and fixed by Jagpreet Singh Tamber (@jagpreetstamber) from the Azure Arc team. ### References https://github.com/fluxcd/source-controller/pull/1430 ### For more information If you have any questions or comments about this advis...
Google is introducing new AI-powered safety tools in Android 15 that can lock down your phone if thieves nab it.
By Waqas In a major blow to cybercrime, Breach Forums, a notorious online marketplace for stolen data, has been seized by the FBI and Department of Justice (DoJ). This unprecedented takedown includes not just the clear web domain, but also the dark web, escrow sections and Telegram accounts. This is a post from HackRead.com Read the original post: Popular Cyber Crime Forum Breach Forums Seized by Police
SAP Cloud Connector versions 2.15.0 through 2.16.1 were found to happily accept self-signed TLS certificates between SCC and SAP BTP.
Zope version 5.9 suffers from a command injection vulnerability in /utilities/mkwsgiinstance.py.
Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.