Security
Headlines
HeadlinesLatestCVEs

Tag

#oauth

GHSA-fqxj-46wg-9v84: Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

### Impact A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. Impacted versions: Flask-AppBuilder version 4.1.4 up to and including 4.2.0 ### Patches This issue was introduced on 4.1.4 and patched on 4.2.1, user's should upgrade to 4.2.1 or newer versions.

ghsa
#xss#vulnerability#git#java#oauth#auth
Here Are the Secret Locations of ShotSpotter Gunfire Sensors

The locations of microphones used to detect gunshots have been kept hidden from police and the public. A WIRED analysis of leaked coordinates confirms arguments critics have made against the technology.

Red Hat Security Advisory 2024-0778-03

Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.

GHSA-gccq-h3xj-jgvf: Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions

### Summary When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between `v0.10.4` and `v0.11.9`, inclusive. A proof of concept of this vulnerability exists. ### Details TBA. This advisory will be edited with more details on 2024/02/25, when admins have been given some time to update, as we think any amount of detail would make it very easy to come up with an exploit. ### Impact This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required.

Satellite Images Point to Indiscriminate Israeli Attacks on Gaza’s Health Care Facilities

New research finds that Israel’s attacks on Gaza damaged hospitals and other medical facilities at the same rate as other buildings, potentially in violation of international law.

GHSA-xfj7-qf8w-2gcr: Rancher 'Audit Log' leaks sensitive information

### Impact A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue. The leaks might be caught in the audit logs upon these actions: - Creating cloud credentials or new authentication providers. It is crucial to note that **all** [authentication providers](https://ranchermanager.docs.rancher.com/pages-for-subheaders/authentication-config#external-vs-local-authentication) (such as AzureAD) and [cloud providers](https://ranchermanager.docs.rancher.com/pages-for-subheaders/set-up-cloud-providers) (such as Google) are impacted. - Downloading a kubeconfig file from a downstream...

The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world

Researchers recently discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system.

The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules

The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them.  The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the

GHSA-mrx3-gxjx-hjqj: Authentik vulnerable to PKCE downgrade attack

## Summary PKCE is a very important countermeasure in OAuth2 , both for public and confidential clients. It protects against CSRF attacks and code injection attacks. Because of this bug, an attacker can circumvent the protection PKCE offers. ## Patches authentik 2023.8.7 and 2023.10.7 fix this issue. ## Details There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the `code_challenge’ parameter to the authorization request and adds the `code_verifier’ parameter to the token request. We recently fixed a downgrade attack (in v2023.8.5 and 2023.10.4) where if the attacker removed the `code_verifier’ parameter in the token request, authentik would allow the request to pass, thus circumventing PKCE’s protection. However, in the latest version of the software, another downgrade scenario is still possible: if the attacker removes the `code_challenge’ parameter from the authorization request, authentik will also not d...

The Pentagon Tried to Hide That It Bought Americans’ Data Without a Warrant

US spy agencies purchased Americans’ phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.