CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and the latest guidance from the NSA.

DARKReading
GHSA-qjx3-2g35-6hv8: Mautic Sensitive Data Exposure due to inadequate user permission settings

### Impact

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.

### Patches

Update to 4.4.12 and 5.0.4.

### Workarounds

No

### References

- https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure

GHSA-jj6w-2cqg-7p94: Mautic SQL Injection in dynamic Reports

### Impact

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data, including sensitive data and login data, and, depending on database permissions, the attacker can manipulate file systems.

### Patches

Update to 4.4.12 or 5.0.4.

### Workarounds

No

### References

- https://owasp.org/www-community/attacks/SQL_Injection
- https://owasp.org/www-community/attacks/Blind_SQL_Injection

GHSA-9fcx-cv56-w58p: Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder

### Impact

Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders, such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.

### Patches

Update to 4.4.12 or 5.0.4.

### Workarounds

No

### References

- https://cwe.mitre.org/data/definitions/23.html
- https://cwe.mitre.org/data/definitions/22.html
- https://attack.mitre.org/techniques/T1630/002/

### For more information

If you have any questions or comments about this advisory: Email us at [[email protected]](mailto:[email protected])

GHSA-4vwx-54mw-vqfw: Traefik vulnerable to denial of service with Content-length header

There is a potential vulnerability in Traefik managing requests with a `Content-length` header and no `body`. Sending a `GET` request to any Traefik endpoint with the `Content-length` request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.

## Patches

- https://github.com/traefik/traefik/releases/tag/v2.11.2
- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5

## Workarounds

For affected versions, this vulnerability can be mitigated by configuring the [readTimeout](https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts) option.

## For more information

If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).

How to change your Social Security Number

Wondering whether changing your SSN is an option? Read here what you need to qualify for a new SSN and what you need to do to get one.

GHSA-c5rv-hjjc-jv7m: tiagorlampert CHAOS vulnerable to Cross Site Scripting

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.

GHSA-jx7x-9r98-h5xr: OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component.

GHSA-6363-v5m4-fvq3: timber/timber vulnerable to Deserialization of Untrusted Data

### Summary

Timber is vulnerable to [PHAR deserialization](https://portswigger.net/web-security/deserialization/exploiting#phar-deserialization) due to a lack of checking the input before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server, they can pass in the `phar://` protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when Timber is used with frameworks with documented POP chains, such as WordPress, or with vulnerable developer code.

### Details

The vulnerability lies in the run function within the `toJpg.php` file. The two parameters passed into it are not checked or sanitized, hence an attacker could potentially inject malicious input leading to Deserialization of Untrusted Data, allowing for remote code execution:

![image](https://github.com/timber/timber/assets/89630690/bcd6d031-33c6-4cc5-96b7-b72f0cf0e26c)

### PoC

Set up the following code in `/var/www/html`: `...

Ray OS 2.6.3 Command Injection

The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.