Tag
#git
### Impact

I can convince the UI to let me do things with an invalid Application.

1. Admin gives me `p, michael, applications, *, demo/*, allow`, where `demo` can just deploy to the `demo` namespace
2. Admin gives me AppProject `dev` which reconciles from ns `dev-apps`
3. Admin gives me `p, michael, applications, sync, dev/*, allow`, i.e. no updating via the UI allowed, gitops-only
4. I create an Application called `pwn` in `dev-apps` with project dev and sync the app with sources from git
5. I change the Application's project to demo via kubectl or gitops (whichever mechanism my admins have given me, because it should be safe)
6. I use the UI to edit the resource which should only be mutable via gitops

### Patches

A patch for this vulnerability has been released in the following Argo CD versions:

- v2.10.7
- v2.9.12
- v2.8.16

### For more information

If you have any questions or comments about this advisory: Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/arg...
By Uzair Amir In the rapidly evolving work environment of today, collaborative scheduling stands out as a foundational pillar for effective… This is a post from HackRead.com Read the original post: Collaborative Scheduling: Enhancing Team Coordination With Open-Source Tools
### Summary

`gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs.

### Details

This is related to the patched vulnerability https://github.com/advisories/GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. Since https://github.com/Byron/gitoxide/pull/1032, `gix-transport` checks the host and path portions of a URL for text that has a `-` in a position that will cause `ssh` to interpret part or all of the URL as an option argument. But it does not check the non-mandatory username portion of the URL. As in Git, when an address is a URL of the form `ssh://username@hostname/path`, or when it takes the special form `username@hostname:dirs/r...
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an "assume role" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resou...
There is a potential vulnerability in Traefik managing HTTP/2 connections. More details in the [CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288).

## Patches

- https://github.com/traefik/traefik/releases/tag/v2.11.2
- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5

## Workarounds

No workaround

## For more information

If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
### Impact

Cilium allows outside actors (`world` entity) to directly access pods with their internal pod IP, even if they are not exposed explicitly (e.g. via `LoadBalancer`). A pod that does not authenticate clients and that does not exclude `world` traffic via network policy may leak sensitive data to an attacker _inside the cloud VPC_.

### Patches

The issue has been patched in [v2.16.3](https://github.com/edgelesssys/constellation/releases/tag/v2.16.3).

### Workarounds

This network policy excludes all `world` traffic. It mitigates the problem, but will also block all desired external traffic. If vulnerable pods are known, a policy can be crafted to only firewall those instead (see also https://docs.cilium.io/en/stable/security/policy/language/#access-to-from-outside-cluster).

```yaml
apiVersion: "cilium.io/v2"
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: "from-world-to-role-public"
spec:
  endpointSelector:
    matchLabels: {} # role: public
  ingressDeny:
    -...
```
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some of a user's session properties by sending an HTTP request with specially crafted header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists of hijacking a user's session and escalating privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.
Ubuntu Security Notice 6731-1 - It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. This issue only affected Ubuntu 16.04 LTS. It was discovered that yard before 0.9.20 is affected by a path traversal vulnerability, allowing HTTP requests to access arbitrary files under certain conditions. This issue only affected Ubuntu 18.04 LTS.
Kruxton version 1.0 suffers from a remote SQL injection vulnerability.
Kruxton version 1.0 suffers from a remote shell upload vulnerability.