#git

Jenkins Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. Fortify Plugin 22.2.39 requires POST requests and the appropriate permissions for the affected HTTP endpoints.

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

By Waqas Bronze Starlight hackers have been cleverly utilizing a valid Ivacy VPN code-signing certificate to target the Southeast Asian gambling industry. This is a post from HackRead.com Read the original post: Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4380: No description is available for this CVE. * CVE-2023-23931: A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamen...

Categories: News Tags: QR codes Tags: attachment Tags: phishing Tags: Bing Tags: Microsoft Tags: credentials Researchers have been monitoring a phishing campaign that uses QR codes and Bing redirects to lead targets to phishing sites. (Read more...) The post QR codes used to phish for Microsoft credentials appeared first on Malwarebytes Labs.

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.6.8 or apply this patch manually https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e.patch manually. ### References https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993/

# Description wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete API key via `/developer/client/delete/{id}` This vulnerability has a CVSSv3.1 score of 6.5. **You should immediately patch your instance to version 2.6.3 or higher if you have more than one user and/or having open registration**. # Resolution This action is now doable only via POST method, which ensures that we can't do it via a 3rd-party website. # Credits We would like to thank @tht1997 for reporting this issue through huntr.dev. Reference: https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a/

### Summary The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. ### Details It was noticed that in the validatePostRequestAsync() flow in saml.js, the current timestamp is never checked. This could present a vulnerability where a user who has an XML LogoutRequest could validated it if the IssueInstance and the NotOnOrAfter are valid along with valid credentials (signature, certificate etc.). ### PoC I was able to validate a sample valid LogoutRequest XML multiple times through postman by sending it to my endpoint regardless if the current present time was past the NotOnOrAfter time. After some further testing, it seems that only the IssueInstance is checked against NotOnOrAfter. Not sure if this was the intended behaviour but I believe having a never expiring valid LogoutRequest could be dangerous. ### Impact This could impact the user where they would be logged out from an expire...

### Impact Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. The problem is present [since version 4.3M2](https://jira.xwiki.org/browse/XWIKI-7369) when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the ``AppWithinMinutes.Content`` author, rather than the rights of the content author. ### Patches The issue has been fixed in XWiki 14.10.5 and 15.1RC1 by https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262 . The fix is in the content of the [AppWithinMinutes.Content](https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262#diff-850f6875c40cf7932f40a985e99679a041891c6ee75d10239c06921c0019cf78R82) page that ...