#mongo

By Waqas The latest cybersecurity incident to impact a large-scale and highly popular company is the MongoDB Data Breach. This is a post from HackRead.com Read the original post: Hackers Access Customer Info, Corporate Systems in MongoDB Data Breach

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function.

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

When a homeless man attacked a former city official, footage of the onslaught became a rallying cry. Then came another video, and another—and the story turned inside out.

### Impact An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system. ### Details Through the WEB CLI interface provided by koko, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. ``` admin> const { execSync } = require("child_process") admin> console.log(execSync("id; hostname;").toString()) uid=0(root) gid=0(root) groups=0(root) jms_koko admin> ``` ### Patches Safe versions: - v2.28.20 - v3.7.1 ### Workarounds It is recommended to upgrade the safe versions. After upgrade, you can use the same method to check whether the vulnerability is fixed. ``` admin> console.log(execSync("id; hostname;").toString()) /bin/sh: line 1: /bin/hostname: Permission denied ``` ### References Thanks for **Oskar Zeino-Mahmalat** of [Sonar](https://sonarsource.com/) found an...

### Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate(). For applications using Express and EJS, this can potentially allow remote code execution. ### Patches The original patched version for mongoose 5.3.3 did not include a fix for CVE-2023-3696. Therefore the existing version @seal-security/mongoose-fixed version 5.3.3 is affected by this vulnerability (though it is protected from CVE-2022-2564 and CVE-2019-17426). To mitigate this issue, a @seal-security/mongoose-fixed version 5.3.4 has been deployed. Note that this version is compatible with the original mongoose version 5.3.3, not version 5.3.4 ### References https://security.snyk.io/vuln/SNYK-JS-MONGOOSE-5777721 https://github.com/advisories/GHSA-9m93-w8w6-76hh https://github.com/Automattic/mongoose/commit/f1efabf350522257364aa5c2cb36e441cf08f1a2

JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.

The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.