Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks

Face scans stored like passwords inevitably will be compromised, like passwords are. But there's a crucial difference between the two that organizations can rely on when their manufacturers fail.

DARKReading
#sql#vulnerability#mac#git#auth
GHSA-hjx6-f647-mvf9: Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components

# Impact We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The malicious script is executed when the user creates a new community and is listed as a public member. The script is triggered whenever any user visits the Members section of any community that includes the compromised user. This can potentially allow the attacker to access personal information, such as cookies, of the visiting user. # Patches The problem has been patched in [v7.8.0](https://github.com/inveniosoftware/invenio-communities/releases/tag/v7.8.0). Patches also have been backported in versions [v4.2.2](https://github.com/inveniosoftware/invenio-communities/tree/v4.2.2) and [v2.8.11](https://github.com/inveniosoftware/invenio-communities/tree/v2.8.11). # Credits Thanks to [Twitter....

GHSA-cq42-vhv7-xr7p: Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his username.

GHSA-4vc8-pg5c-vg4x: Keycloak's improper input validation allows using email as username

Keycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the unability to reset/login with email for the user. This is caused by usernames being evaluated before emails.

GHSA-cv23-q6gh-xfrf: WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms

### Impact A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the Sourcebuster.js library and then inserted without proper sanitization to the classic checkout and registration forms. ### Patches ```diff diff --git a/plugins/woocommerce/client/legacy/js/frontend/order-attribution.js b/plugins/woocommerce/client/legacy/js/frontend/order-attribution.js index 79411e928e1..25eaa721c54 100644 --- a/plugins/woocommerce/client/legacy/js/frontend/order-attribution.js +++ b/plugins/woocommerce/client/legacy/js/frontend/order-attribution.js @@ -155,12 +155,16 @@ * but it's not yet supported in Safari. */ connectedCallback() { - let inputs = ''...

GHSA-wrvh-rcmr-9qfc: @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

### Summary By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). ### Impact Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. ### Technical details #### Vulnerability 1: Open Redirect ##### Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. In the specific context of Strapi, this vulnerability allows the SSO token to be stolen, allowing an attacker to authenticate himself within the application. ##### Remediation If possible, applications shoul...

GHSA-pm9q-xj9p-96pm: @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

### Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. ### Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. ### PoC Due to a bug in what we believe to be Burp’s decoding system, we couldn’t produce a valid file to easily reproduce the vulnerability. Instead, the issue can be reproduced by following these steps: 1. Configure Burp’s proxy between a browser and a Strapi server 2. Log in and upload an image through the Media Library page while having Burp’s interceptor turned on 3. After capturing the upload POST request in Burp, add `%00` at the end of the file extension from the `Content-Disposition`, in the filename parameter (See reference image 1 below) 4. Using the cursor, select t...

GHSA-6j89-frxc-q26m: @strapi/plugin-content-manager leaks data via relations via the Admin Panel

### Summary 1. If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ### Details At the top level every collection shows blank items for an Author if they did not create the item. This is ideal and works great. However if you associate one private collection to another private collection and an Author creates a new item. The pull down should not show the admins list of previously created items. It should be blank unitl they add their own items. ### PoC 1. Sign in as Admin. Navigate to content creation. 2. Select a collection and verify you have items you created there. And that they have associations to other protected collections. 3. Verify role permissions for your collections are set to CRUD if user created. 4. Log out and sign in as a unrelated Author. 5. ...

GHSA-cc55-mvqc-g9mg: SummerNote Cross Site Scripting Vulnerability

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.

Asset Management Holds the Key to Enterprise Defense

Obtaining — and maintaining — a complete inventory of technology assets is essential to effective enterprise security. How do organizations get that inventory?