GHSA-vhmj-5q9r-mm9g: BlastRADIUS also affects eduMFA

### Summary

BlastRADIUS (see blastradius.fail for details) also affects eduMFA prior to version 2.2.0, because the Message-Authenticator attributes were not checked.

### Details

Website with the vulnerability information: blastradius.fail

The original vulnerability has been assigned CVE-2024-3596.

Case in vince: https://kb.cert.org/vuls/id/456537

### PoC

There is no known proof-of-concept except for the attack shown in the paper from the researchers.

### Impact

An attacker can trigger an authentication flow with a RADIUS-backed token, intercept the RADIUS packet sent by eduMFA and modify the RADIUS server's answer, which would lead eduMFA to believe that the token is valid, even though the RADIUS server's answer was a reject.

GHSA-52cw-pvq9-9m5v: Silverstripe uses TinyMCE which allows svg files linked in object tags

### Impact

TinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false`, which allows svg files containing javascript to be used in `<object>` or `<embed>` tags; this can be used as a vector for XSS attacks. Note that `<embed>` tags are not allowed by default.

After patching, the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.

We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.

### References

- https://www.silverstripe.org/download/security-releases/ss-2024-001
- https://github.com/advisories/GHSA-5359-pvf2-pw78

GHSA-ghgq-x6wc-6jr5: Zowe CLI allows storage of previously entered secure credentials in a plaintext file

A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation.

GHSA-2rwm-xv5j-777p: Eclipse Parsson stack overflow when parsing deeply nested input

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parsing, generating, transforming and querying) of JSON documents.

GHSA-55rf-8q29-4g43: Sylius has a security vulnerability via adjustments API endpoint

### Impact

A security vulnerability was discovered in the `/api/v2/shop/adjustments/{id}` endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve order tokens. Using these tokens, an attacker can access guest customer order details, i.e. sensitive guest customer information.

### Patches

The issue is fixed in versions 1.12.19, 1.13.4 and above. The `/api/v2/shop/adjustments/{id}` endpoint will always return a `404` status.

### Workarounds

Using YAML configuration: create the `config/api_platform/Adjustment.yaml` file:

```yaml
# config/api_platform/Adjustment.yaml
'%sylius.model.adjustment.class%':
    itemOperations:
        shop_get:
            controller: ApiPlatform\Core\Action\NotFoundAction
            read: false
            output: false
```

Or using XML configuration: copy the original configuration from vendor:

```bash
cp vendor/sylius/sylius/src/Sylius/Bundle/ApiBundle/Resources/...
```

GHSA-chx7-9x8h-r5mg: Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload

### Impact

A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack.

### References

- https://www.silverstripe.org/download/security-releases/cve-2024-32981

GHSA-89q6-98xx-4ffw: Silverstripe Reports are still accessible even when `canView()` returns false

Reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`.

## References

- https://www.silverstripe.org/download/security-releases/cve-2024-29885

Snowflake Account Attacks Driven by Exposed Legitimate Credentials

Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems.

Rite Aid says 2.2 million people affected in data breach

Rite Aid has started notifying 2.2 million people who were affected by a data breach that was part of a June ransomware attack.

GHSA-6523-jf4r-c962: Apache StreamPipes has potential remote code execution (RCE) via file upload

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.