Security
Headlines

Tag

#redis

Backdoor.Win32.BlackAngel.13 MVID-2024-0695 Code Execution

Backdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.

Backdoor.Win32.Delf.yj MVID-2024-0693 Information Disclosure

Backdoor.Win32.Delf.yj malware suffers from an information leakage vulnerability.

GHSA-cff8-x7jv-4fm8: Session is cached for OpenID and OAuth2 if `redirect` is not used

### Summary Unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include `redirect` query string. For example: - Project is configured with OpenID or OAuth2 - Project is configured with cache enabled - User tries to login via SSO link, but without `redirect` query string - After successful login, credentials are cached - If an unauthenticated user tries to login via SSO link, it will return the credentials of the other last user The SSO link is something like `https://directus.example.com/auth/login/openid/callback`, where `openid` is the name of the OpenID provider configured in Directus ### Details This happens because on that endpoint for both OpenId and Oauth2 Directus is using the `respond` middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. For OpenID, thi...

HackTool.Win32.Freezer.br (WinSpy) MVID-2024-0691 Insecure Credential Storage

HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.

Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential

Backdoor.Win32.Optix.02.b malware suffers from a hardcoded credential vulnerability.

Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution

Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) malware suffers from a code execution vulnerability.

Backdoor.Win32.PoisonIvy.ymw MVID-2024-0688 Insecure Credential Storage

Backdoor.Win32.PoisonIvy.ymw malware suffers from an insecure credential storage vulnerability.

Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution

Backdoor.Win32.Nightmare.25 malware suffers from a code execution vulnerability.

Gentoo Linux Security Advisory 202408-05

Gentoo Linux Security Advisory 202408-5 - Multiple vulnerabilities have been discovered in Redis, the worst of which may lead to a denial of service or possible remote code execution. Versions greater than or equal to 7.2.4 are affected.

We use cookies to provide necessary website functionality, and improve your user experience. By using the website, you agree to Privacy Policy and cookies usage.