Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

GHSA-v627-69v2-xx37: `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

### Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. ### Details https://github.com/stacklok/minder/blob/e88e4b286e4bc04c03b0332a77961f085e1aa77f/database/query/repositories.sql#L22-L23 https://github.com/stacklok/minder/blob/a115c8524fbd582b2b277eaadce024bebbded508/internal/controlplane/handlers_repositories.go#L277-L278 The DB query used here checks by repo owner, repo name and provider name (which is always "github"). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. `DeleteRepositoryByName` uses the same query and I have been able to delete another user's repo using this technique. The `GetArtifactByName` endpoint also uses this DB query. I have not reproduced the behaviou...

ghsa
#sql#git#auth
WordPress Neon Text 1.1 Cross Site Scripting

WordPress Neon Text plugin versions 1.1 and below suffer from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2024-1081-03

Red Hat Security Advisory 2024-1081-03 - An update for sqlite is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-1071-03

Red Hat Security Advisory 2024-1071-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

GHSA-7jwh-3vrq-q3m8: pgproto3 SQL Injection via Protocol Message Size Overflow

### Impact SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. ### Patches The problem is resolved in v2.3.3 ### Workarounds Reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

GHSA-mrww-27vc-gghv: pgx SQL Injection via Protocol Message Size Overflow

### Impact SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. ### Patches The problem is resolved in v4.18.2 and v5.5.4. ### Workarounds Reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

GHSA-m7wr-2xf7-cm9p: pgx SQL Injection via Line Comment Creation

### Impact SQL injection can occur when all of the following conditions are met: 1. The non-default simple protocol is used. 2. A placeholder for a numeric value must be immediately preceded by a minus. 3. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. 4. Both parameter values must be user-controlled. e.g. Simple mode must be enabled: ```go // connection string includes "prefer_simple_protocol=true" // or // directly enabled in code config.ConnConfig.PreferSimpleProtocol = true ``` Parameterized query: ```sql SELECT * FROM example WHERE result=-$1 OR name=$2; ``` Parameter values: `$1` => `-42` `$2` => `"foo\n 1 AND 1=0 UNION SELECT * FROM secrets; --"` Resulting query after preparation: ```sql SELECT * FROM example WHERE result=--42 OR name= 'foo 1 AND 1=0 UNION SELECT * FROM secrets; --'; ``` ### Patches The problem is resolved in v4.18.2. ### Workarounds Do not use the simple protocol or do not place ...

Petrol Pump Management Software 1.0 SQL Injection

Petrol Pump Management Software version 1.0 suffers from a remote SQL injectionvulnerability.

Employee Management System 1.0-2024 SQL Injection

Employee Management System version 1.0-2024 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

GHSA-6927-3vr9-fxf2: ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

### Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. ### Patches The algorithm to detect SQL injection has been improved. ### Workarounds None. ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 - https://github.com/parse-community/parse-server/releases/tag/6.5.0 (fixed in Parse Server 6) - https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (fixed in Parse Server 7 alpha release) ### Credits - Mikhail Shcherbakov (https://twitter.com/yu5k3) working with Trend Micro Zero Day Initiative (finder) - Ehsan Persania (remediation developer) - Manuel Trezza (coordinator)