Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-47370: CVE-reports/bluetrick.md at main · syz913/CVE-reports

The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE
Open in Source
#vulnerability#git
CVE-2023-47368: CVE-reports/taketorinoyu.md at main · syz913/CVE-reports

The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.

GHSA-f475-x83m-rx5m: Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens

# Introduction This write-up describes a vulnerability found in [Label Studio](https://github.com/HumanSignal/label-studio), a popular open source data labeling tool. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced. # Overview In [Label Studio version 1.8.1](https://github.com/HumanSignal/label-studio/tree/1.8.1), a hard coded Django `SECRET_KEY` was set in the application settings. The Django `SECRET_KEY` is used for signing session tokens by the web application framework, and should never be shared with unauthorised parties. However, the Django framework inserts a `_auth_user_hash` claim in the session token that is a HMAC hash of the account's password hash. That claim would normally prevent forging a valid Django session token without knowing the password hash of the account. However, any authenticated user can exploit an Object Relational Mapper (ORM) Leak vulnerability in Label Studio to leak the password hash of any account on the ...

CVE-2023-47364: CVE-reports/nagaoka taxi.md at main · syz913/CVE-reports

The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims

CVE-2023-47363: CVE-reports/F.B.P members.md at main · syz913/CVE-reports

The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE-2023-47365: CVE-reports/Lil.OFF-PRICE STORE.md at main · syz913/CVE-reports

The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE-2023-47367: CVE-reports/platinum clinic.md at main · syz913/CVE-reports

The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.

CVE-2023-47369: CVE-reports/best_training_member.md at main · syz913/CVE-reports

The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.

CVE-2023-47366: CVE-reports/craft_members.md at main · syz913/CVE-reports

The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.

ChatGPT Down? OpenAI Blames Outages on DDoS Attacks

By Waqas OpenAI and ChatGPT began experiencing service outages on November 8th, and the company is actively working to restore full service. This is a post from HackRead.com Read the original post: ChatGPT Down? OpenAI Blames Outages on DDoS Attacks