Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Environment-as-a-Service, part 4: External resources and dynamic credentials

Welcome to part 4 of this miniseries on the concept of Environment as a Service. As discussed in part one, an environment comprises everything that is needed to run an application and, in a kubernetes-centric platform, it starts with the provisioning of a namespace.Sometimes, though, we need components and configurations to exist outside of our namespace for our applications to run properly.These external configurations may involve everything from external global load balancers, external firewalls, provisioning of certificates from external PKI’s, and more… just to name a few. Sometimes, t

Red Hat Blog
Open in Source
#sql#red_hat#js#git#kubernetes#perl#aws#auth#postgres#ssl
GHSA-3qpq-6w89-f7mx: Pimcore Host Header Injection in user invitation link

## Overview A potential security vulnerability discovered in `pimcore/admin-ui-classic-bundle` version up to v1.3.3 . The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. ## Details The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. Here is an excerpt from the affected section of UserController.php file: ``` // /src/Controller/Admin/UserController.php public function invitationLinkAction(Request $request, TranslatorInterface $translator): JsonResponse { ...

GHSA-mcqj-7p29-9528: MantisBT Host Header Injection vulnerability

### Impact Knowing a user's email address and username, an unauthenticated attacker can hijack the user's account by poisoning the link in the password reset notification message. ### Patches https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744 ### Workarounds Define `$g_path` as appropriate in config_inc.php. ### References https://mantisbt.org/bugs/view.php?id=19381 ### Credits Thanks to the following security researchers for responsibly reporting and helping resolve this vulnerability. - Pier-Luc Maltais (https://twitter.com/plmaltais) - Hlib Yavorskyi (https://github.com/Kerkroups) - Jingshao Chen (https://github.com/shaozi) - Brandon Roldan - nhchoudhary

GHSA-f3qm-vfc3-jg6v: Possible CSRF attack at questionnaire templates preview

### Impact The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11 This was introduced by this commit in the PR that introduced this feature (#6247): https://github.com/decidim/decidim/pull/6247/commits/5542227be66e3b6d7530f5b536069bce09376660 The issue does not imply a serious security thread as you need to have access also to the session cookie in order to see this resource. This URL does not allow modifying the resource but it may allow attackers to gain access to information which was not meant to be public. ### Patches #11743 ### Workarounds Disable the templates functionality or remove all available templates. ### References #11743

Wyze Cameras Glitch: 13,000 Users Saw Footage from Others’ Homes

By Deeba Ahmed Third-Party Library Blamed for Wyze Camera Security Lapse. This is a post from HackRead.com Read the original post: Wyze Cameras Glitch: 13,000 Users Saw Footage from Others’ Homes

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn't pay, LockBit's victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.

Kafka UI 0.7.1 Command Injection

A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.

Savsoft Quiz 6.0 Enterprise Cross Site Scripting

Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.

SPA-CART CMS 1.9.0.3 Cross Site Scripting

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

Petrol Pump Management Software 1.0 Shell Upload

Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.