Security Headlines

Tag: #git
GHSA-m8rw-rcpq-2vp2: Improper Privilege Management in github.com/sap/cloud-security-client-go

### Impact

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) allows, under certain conditions, an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

### Patches

Upgrade to patched version >= 0.17.0. We always recommend upgrading to the latest released version.

### Workarounds

No workarounds.

### References

https://www.cve.org/CVERecord?id=CVE-2023-50424

GHSA-59c9-pxq8-9c73: Improper JWT Signature Validation in SAP Security Services Library

### Impact

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) allows, under certain conditions, an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

### Patches

Upgrade to patched version >= 2.17.0 or >= 3.3.0. We always recommend upgrading to the latest released version.

### Workarounds

No workarounds.

### References

https://www.cve.org/CVERecord?id=CVE-2023-50422
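
The two SAP advisories above do not describe the conditions under which validation fails, so the following is only an added illustration of what a JWT verifier has to get right, and is not code from the SAP libraries: pin the algorithm, verify the signature over the exact encoded header and payload, and parse the claims only after that. The claim names, the freshly generated RSA key and the `demo` driver are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// JWS (RFC 7515) uses unpadded base64url for all three segments.
var b64 = base64.RawURLEncoding

func encode(v any) string {
	b, _ := json.Marshal(v)
	return b64.EncodeToString(b)
}

func decodeJSON(seg string, v any) error {
	raw, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// signRS256 plays the identity provider in the demo; a resource server never signs.
func signRS256(priv *rsa.PrivateKey, claims map[string]any) (string, error) {
	input := encode(map[string]string{"alg": "RS256"}) + "." + encode(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyRS256 parses the claims only after the header is pinned to RS256 and
// the signature verifies under pub, so nothing attacker-controlled is trusted early.
func verifyRS256(pub *rsa.PublicKey, token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("jwt: expected three segments")
	}
	var hdr map[string]any
	if err := decodeJSON(parts[0], &hdr); err != nil {
		return nil, fmt.Errorf("jwt: header: %w", err)
	}
	// The verifier, not the token, chooses the algorithm: "none" (or HS256
	// keyed with the public key) must never reach the signature check.
	if hdr["alg"] != "RS256" {
		return nil, fmt.Errorf("jwt: unsupported alg %v", hdr["alg"])
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, fmt.Errorf("jwt: signature: %w", err)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("jwt: signature verification failed")
	}
	var claims map[string]any
	if err := decodeJSON(parts[1], &claims); err != nil {
		return nil, fmt.Errorf("jwt: payload: %w", err)
	}
	return claims, nil
}

// demo signs a read-only token with a fresh key (assumed for the example) and
// checks that the verifier accepts it but rejects two escalation attempts: the
// original header and signature with an edited payload, and an "alg": "none" token.
func demo() (validAccepted, forgedRejected, noneRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	tok, err := signRS256(priv, map[string]any{"sub": "alice", "scope": "read"})
	if err != nil {
		return
	}
	claims, err := verifyRS256(&priv.PublicKey, tok)
	if err != nil {
		return
	}
	validAccepted = claims["scope"] == "read"
	admin := map[string]any{"sub": "alice", "scope": "admin"}
	parts := strings.Split(tok, ".")
	_, ferr := verifyRS256(&priv.PublicKey, parts[0]+"."+encode(admin)+"."+parts[2])
	forgedRejected = ferr != nil
	_, nerr := verifyRS256(&priv.PublicKey, encode(map[string]string{"alg": "none"})+"."+encode(admin)+".")
	noneRejected = nerr != nil
	return
}
```

`demo()` returns three booleans that should all be true. The two rejections come from different places in `verifyRS256`: the edited payload fails `rsa.VerifyPKCS1v15`, while the `alg` check stops the unsigned token before any signature code runs. A production verifier additionally checks `iss`, `aud` and `exp` and selects the key by `kid` from a trusted JWKS, none of which is shown here.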

GHSA-4mq4-7rw3-vm5j: Filesystem sandbox not enforced

### Summary

As of Wasmer v4.2.3, Wasm programs can access the filesystem outside of the sandbox.

### Details

https://github.com/wasmerio/wasmer/issues/4267

### PoC

A minimal Rust program:

```rust
fn main() {
    // Try to create a file in the host's current working directory. Under a
    // correctly enforced WASI sandbox this must fail unless that directory was
    // preopened with `--dir`.
    std::fs::OpenOptions::new()
        .write(true)
        .create_new(true)
        .open("abc")
        .unwrap();
}
```

Compile it with `cargo build --target wasm32-wasi`. When the compiled program is run with wasmer WITHOUT `--dir`, it can still create a file in the working directory.

### Impact

Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem.

GHSA-6xmx-85x3-4cv2: Stored XSS via SVG File Upload

#### Impact

A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user into loading the media directly in a browser, the scripts are executed.

#### Workaround

Implement server-side file validation (https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation), or serve all media from a different host (e.g. a CDN) than the one where Umbraco is hosted.

GHSA-7x74-h8cw-qhxq: Brute force exploit can be used to collect valid usernames

#### Impact

A brute-force attack can be used to enumerate valid usernames.

GHSA-8qp8-9rpw-j46c: SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.

#### Impact

A user enumeration attack is possible when SMTP is not set up correctly but password reset is enabled.

GHSA-cfr5-7p54-4qg8: Privilege Escalation using Spoofing

#### Impact

Users with low privileges (Editor, etc.) are able to access some unintended endpoints.

GHSA-6324-52pr-h4p5: Using the directory back payload (“/../”) in a package name allows placement of the package in other folders.

#### Impact

Backoffice users with permission to create packages can use path traversal to write outside of the expected location.
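
The check a package-creation handler needs against a “/../” payload, as an added example that is not Umbraco's code: an allowlist for the bare package name, plus a resolve-and-compare step using `filepath.Rel` that proves the final path stays under the package root even if the allowlist is later relaxed. The root directory `/srv/packages` and the attempt strings are constructed for the demo.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// packageName is the allowlist for a bare package name: one path component,
// no separators, and it cannot start with a dot, so "." and ".." are out.
var packageName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$`)

// containedPath resolves name beneath root and refuses anything that would
// land outside it. filepath.Join cleans "." and ".." segments; containment is
// then checked with filepath.Rel rather than a string-prefix test, so that
// "/srv/packages2" is never mistaken for a child of "/srv/packages".
func containedPath(root, name string) (string, error) {
	root = filepath.Clean(root)
	candidate := filepath.Join(root, name)
	rel, err := filepath.Rel(root, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q resolves to %q, outside %q", name, candidate, root)
	}
	return candidate, nil
}

// packageTarget is the combined check: reject the name unless it is a single
// safe component, then still prove containment. The allowlist is policy and
// may be loosened later; the containment check is what keeps writes in root.
func packageTarget(root, name string) (string, error) {
	if !packageName.MatchString(name) {
		return "", fmt.Errorf("invalid package name %q", name)
	}
	return containedPath(root, name)
}

// Constructed inputs for the demo: one legitimate name and several traversal
// payloads of the "/../" family.
var attempts = []string{
	"MyPackage.zip",
	"../../etc/passwd",
	"a/../../b",
	"/../outside.zip",
	"..",
}

func main() {
	root := "/srv/packages" // hypothetical package directory
	for _, n := range attempts {
		if p, err := packageTarget(root, n); err != nil {
			fmt.Printf("REJECT %-20q %v\n", n, err)
		} else {
			fmt.Printf("ACCEPT %-20q -> %s\n", n, p)
		}
	}
}
```

Both checks are lexical. If `root` itself contains symlinks, or an attacker can create one inside it, resolve with `filepath.EvalSymlinks` once the file exists (or open with `O_NOFOLLOW`) before trusting the result. On Windows, `filepath` treats backslashes as separators too, so the same code covers `..\` payloads there; on Linux a backslash is just a character and the allowlist rejects it.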

GHSA-v98m-398x-269r: DOM-XSS on Backoffice login screen.

#### Impact

Cross-site scripting (XSS) enables attackers to inject malicious content into a website or application.

GHSA-335x-5wcm-8jv2: Backoffice User can bypass "Publish" restriction

#### Impact

Backoffice users with the send-for-approval permission but not the publish permission are able to publish in some scenarios.