Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Transport, Logistics Orgs Hit by Stealthy Phishing Gambit

Companies in this industry vertical tend toward large financial transactions with partners, suppliers, and customers.

DARKReading
Open in Source
#web#mac#windows#apple#google#git#auth#chrome
GHSA-g54f-66mw-hv66: Agnai vulnerable to Relative Path Traversal in Image Upload

### Summary A vulnerability has been discovered in **Agnai** that permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect: - agnai.chat - installations using S3-compatible storage - self-hosting that is not publicly exposed ### CWE-35: Path Traversal https://cwe.mitre.org/data/definitions/35.html ### CVSS4.0 - 2.3 Low CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N ### Details This is a path traversal vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the `editCharacter` handler https://github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/character.ts#L140: ```tsx POST /api/character/28cbe508-2fa9-4890-886e-61d73e22006c%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%61%70%70%2f%6...

GHSA-h355-hm5h-cm8h: Agnai File Disclosure Vulnerability: JSON via Path Traversal

### CWE-35: Path Traversal https://cwe.mitre.org/data/definitions/35.html ### CVSSv3.1 4.3 - Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N ### Summary A vulnerability has been discovered in **Agnai** that permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. **This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only.** ### Details & PoC This is a path traversal vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request: ```tsx GET /api/json/messages/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%61%70%70%2fpackage HTTP/1.1 ``` In this example, the attacker retrieves the `package.json` file content from the server by manipulating the file path. The request is processed by the `loadM...

GHSA-mpch-89gm-hm83: Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal

## Summary A vulnerability has been discovered in **Agnai** that permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This **does not** affect: - `agnai.chat` - installations using S3-compatible storage - self-hosting that is not publicly exposed This **DOES** affect: - publicly hosted installs without S3-compatible storage ### CWEs CWE-35: Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type ### CVSS-4.0 - **9.0 - Critical** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H ### Description Path Traversal and Unrestricted Upload of File with Dangerous Type Path Traversal Location ```tsx POST /api/chat/5c25e8dc-67c3-40e1-9572-32df2e26ff38/temp-character HTTP/1.1 {"_id...

Are hardware supply chain attacks “cyber attacks?”

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.

GHSA-j827-6rgf-9629: Layui has DOM Clobbering gadgets that leads to Cross-site Scripting

### Summary A DOM Clobbering vulnerability has been discovered in `layui` that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. It's worth noting that we’ve identifed similar issues in other popular client-side libraries like Webpack ([CVE-2024-43788](https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986)) and Vite ([CVE-2024-45812](https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3)), which might serve as valuable references. ### Backgrounds DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code snippet) living in the existing libraries to transform it into executable code. ### Impact This vulnerability can lead to cross-site scripting (XSS) on websites that uses ...

Hurricane Helene Prompts CISA Fraud Warning

Beware that friendly text from the IT department giving you an "update" about restoring your broadband connectivity.

Moving DevOps Security Out of 'the Stone Age'

Developers need to do more than scan code and vet software components, and ops should do more than just defend the deployment pipeline.

Red Hat Security Advisory 2024-7136-03

Red Hat Security Advisory 2024-7136-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-7135-03

Red Hat Security Advisory 2024-7135-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.