#js

Red Hat Security Advisory 2024-0799-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0798-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0741-03 - Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-0740-03 - Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-0735-03 - Red Hat OpenShift Container Platform release 4.14.12 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

### Summary Email validation can easily be bypassed because `verify_email_enabled` option enable email validation at sign up only. A user changing it's email after signing up (and verifying it) can change it without verification in `/profile`. This can be used to prevent legitimate owner of the email address from signing up. Another way to prevent email's owner from signing up is by setting Username as an email: When a new user is registrering, they can set two different email addresses in the Email and Username field, technically having 2 email addresses (because Grafana handles usernames and emails the same in some situations), but only the former is validated.  Here user a prevents owner of [email protected] to signup. ### Details I don't know exact location but this is related to PUT /api/user handler. ### PoC Bypass email validation: * Start a new grafana instance using lat...

Red Hat Security Advisory 2024-0797-03 - Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and memory leak vulnerabilities.

Red Hat Security Advisory 2024-0796-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-0793-03 - Red Hat Integration Camel for Spring Boot 4.0.3 release and security update is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-0792-03 - Red Hat Integration Camel for Spring Boot 3.20.5 release and security update is now available. Issues addressed include a buffer overflow vulnerability.