
Tag

#auth

GHSA-xvhg-w6qc-m3qq: Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading

### Impact

The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted.

### Patches

The vulnerability has been addressed and patched. Users are advised to upgrade to Yak Engine version 1.2.4-sp1 immediately. The patch can be viewed and reviewed at this PR: [https://github.com/yaklang/yaklang/pull/295](https://github.com/yaklang/yaklang/pull/295), [https://github.com/yaklang/yaklang/pull/296](https://github.com/yaklang/yaklang/pull/296)

### Workarounds

Currently, the most effective solution is to upgrade to the patched version of Yak Engine (1.2.4-sp1). Users are also advised to avoid exposing vulnerable versions to untrusted input an...

ghsa
#vulnerability#web#git#rce#auth
GHSA-6xcx-gx7r-rccj: Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint

### Summary

In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist.

### Details

In the `/license/` endpoint, the `license_details_view` function is vulnerable to a potential cross-site scripting (XSS) attack due to inadequate validation and sanitization of the `key` parameter. This vulnerability arises when attempting to access a key with malicious javascript.

```python
def license_details_view(request, key):
    """
    Display all available information about a given license `key` followed by
    the full license text.
    """
    licenses = get_licenses()
    try:
        data = saneyaml.dump(licenses[key].to_dict())
        text = licenses[key].text
    except KeyError:
        return HttpResponseNotFound(f"License {key} not found.")  # Leads to cross-site scripting when key is malicious javascript
    re...
```

GHSA-9cvc-v7wm-992c: When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible

### Summary

When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible, that is to say, no session is required for the query. This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible if a `session` strategy is not defined.

### Impact

This vulnerability does not affect developers using the `@keystone-6/auth` package, or any users that have written their own `ui.isAccessAllowed` (that is to say, you are unaffected if `ui.isAccessAllowed` is defined). This vulnerability does affect developers who thought that their `session` strategy will, by default, enforce that `adminMeta` is inaccessible by the public in accordance with that strategy; akin to the behaviour of the AdminUI middleware.

### Patches

This vulnerability has been patched in `@keystone-6/core` version `5.5.1`.

### Workarounds

You can opt to write your own `isAccessAllowed` to work-around this vulnerability.

### References

...

CVE-2023-38401

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.

CVE-2023-40027: Fix `ui.isAccessAllowed` when `undefined` to prevent access by dcousens · Pull Request #8771 · keystonejs/keystone

Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible (no session required) if a `session` strategy is not defined. This vulnerability does not affect developers using the `@keystone-6/auth` package, or any users that have written their own `ui.isAccessAllowed` (that is to say, `isAccessAllowed` is not `undefined`). This vulnerability does affect users who believed that their `session` strategy will, by default, enforce that `adminMeta` is inaccessible by the public in accordance with that strategy; akin to the behaviour of the AdminUI middleware. This vulnerability has been patched in `@keystone-6/core` version `5.5.1`. Users are advised to upgrade. Users unable to upgrade may opt to write their own `isAccessAllowe...

CVE-2023-40028: Arbitrary file read via symlinks in content import

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-4345

Broadcom RAID Controller web interface is vulnerable to a client-side control bypass that leads to unauthorized data access for a low-privileged user.

CVE-2023-38916: SQL Injection Vulnerability · Issue #1 · Mohammad-Ajazuddin/eVotingSytem-PHP

SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields.

CVE-2023-38915: Arbitrary file upload vulnerability causing getshell · Issue #1 · wolf-leo/EasyAdmin8

File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbitrary code via the upload type function.

CVE-2023-38840: Erase Master Password in memory after login · Issue #476 · bitwarden/desktop

Bitwarden Windows Desktop v2023.5.1 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.