#git

Red Hat Security Advisory 2023-4582-01 - Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not favorable. A valid database connection is required. If the database engine was configured to allow creation of databases, the module default can be used which utilizes an in memory database. Some Docker instances of H2 don't allow writing to folders such as /tmp, so we default to writing to the working directory of the software. This Metasploit module was tested against H2 version 2.1.214, 2.0.204, 1.4.199 (version detection fails).

Categories: News Tags: Discord.io Tags: Discord Tags: data breach Discord.io has confirmed that personally identifiable information of 760,000 members was stolen in a data breach. The third-party Discord service has been shut down for the time being (Read more...) The post Discord.io confirms theft of 760,000 members' data appeared first on Malwarebytes Labs.

Jenkins Delphix Plugin 3.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. An enumeration of credentials IDs in Delphix Plugin 3.0.3 requires the appropriate permissions.

Jenkins Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. This issue is due to an incomplete fix of SECURITY-2502. Blue Ocean Plugin 1.27.5.1 uses the configured SCM URL, instead of a user-specified URL provided as a parameter to the HTTP endpoint.

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a_802e4d2 masks credentials configured in configuration files if they appear in the build log.

Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. NodeJS Plugin 1.6.0.1 masks credentials specified in the Npm config file in Pipeline build logs.

Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Overall/Read permission to access and capture credentials they are not entitled to. Delphix Plugin 3.0.3 defines the appropriate context for credentials lookup.

Jenkins Gogs Plugin provides a webhook endpoint at /gogs-webhook that can be used to trigger builds of jobs. In Gogs Plugin 1.0.15 and earlier, an option to specify a Gogs secret for this webhook is provided, but not enabled by default. This allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified job name. Additionally, the output of the webhook endpoint includes whether a job corresponding to the attacker-specified job name exists, even if the attacker has no permission to access it. As of publication of this advisory, there is no fix.