Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-mchx-7j67-8mcf: Casdoor CORS misconfiguration (GHSL-2024-035)

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user.

ghsa
#vulnerability#web#git#auth
Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was released by Shanghai Fudan Microelectronics in 2020. "The FM11RF08S backdoor enables any

GHSA-88g2-r9rw-g55h: gitoxide-core does not neutralize special characters for terminals

### Summary The `gix` and `ein` commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages. ### Details `gitoxide-core`, which provides most underlying functionality of the `gix` and `ein` commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. ANSI escape sequences are of particular concern because, when printed to a terminal, they can change colors, including to render subsequent text unreadable; reposition the cursor to write text in a different location, including where text has a...

GHSA-qxqc-27pr-wgc8: GoAuthentik vulnerable to Insufficient Authorization for several API endpoints

### Summary Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this: - `/api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/` - `/api/v3/crypto/certificatekeypairs/<uuid>/view_private_key/` - `/api/v3/.../used_by/` Note that all of the affected API endpoints require the knowledge of the ID of an object, which especially for certificates is not accessible to an unprivileged user. Additionally the IDs for most objects are UUIDv4, meaning they are not easily guessable/enumerable. ### Patches authentik 2024.4.4, 2024.6.4 and 2024.8.0 fix this issue. ### Workarounds Access to the API endpoints can be blocked at a Reverse-proxy/Load balancer level to prevent this issue from being exploited. ### For more information If you have any questions or comments about this advisory: - Email us at [[email protected]](mailto:[email protected])

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing [a] remote unauthenticated user to access internal functionality and modify data," the company

New 'ALBeast' Vulnerability Exposes Weakness in AWS Application Load Balancer

As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. "This vulnerability allows attackers to

DIAEnergie 1.10 SQL Injection

This Metasploit module exploit a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands will get executed in the context of NT AUTHORITY\SYSTEM.

SPIP 4.2.12 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a payload manipulating the templating data processed by the echappe_retour() function, invoking traitements_previsu_php_modeles_eval(), which contains an eval() call.

AVMS Project 1.0 SQL Injection

AVMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Online Survey System 1.0 Cross Site Request Forgery

Online Survey System version 1.0 suffers from a cross site request forgery vulnerability.