Security

Tag

#ssh

Automating secrets management with HashiCorp Vault and Red Hat Ansible Automation Platform

A lot of organizations use Red Hat Ansible Automation Platform to orchestrate their infrastructure and HashiCorp Vault to manage their secrets. But how do they work together? HashiCorp Vault is a powerful tool for managing secrets, providing a centralized platform for storing, accessing, and distributing sensitive information. When combined with Ansible Automation Platform, you can streamline and automate secret management across your infrastructure. In this blog post, we'll explore how to integrate HashiCorp Vault with Ansible Tower to automate secret management effectively. Workflow outline The

Red Hat Blog
#mac #red_hat #auth #ssh
GHSA-3xr8-qfvj-9p9j: Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files.

Boelter Blue System Management 1.3 SQL Injection

Boelter Blue System Management version 1.3 suffers from a remote SQL injection vulnerability.

Red Hat Security Advisory 2024-3479-03

Red Hat Security Advisory 2024-3479-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 for RHEL 8.4. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2728-03

Red Hat Security Advisory 2024-2728-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 for RHEL 9.2. Issues addressed include a denial of service vulnerability.

GHSA-rfqq-wq6w-72jm: MLflow has a Local File Read/Path Traversal bypass

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.

Automating fapolicyd with RHEL system roles

Automation can help increase efficiency, save time and improve consistency, which is why Red Hat Enterprise Linux (RHEL) includes features that help automate many tasks. RHEL system roles are a collection of Ansible content that helps provide more consistent workflows and streamline the execution of many manual tasks. Fapolicyd is a security-focused feature that can control which applications may be executed in a RHEL environment, as well as verify the integrity of applications prior to execution. This functionality helps prevent untrusted applications from being executed on a RHEL system. For

GHSA-4w53-6jvp-gg52: sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address

### Summary

The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address.

### Details

[This commit](https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430) added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection that sshpiper is directly (or in some cases indirectly) exposed to can use proxy protocol to forge its source address.

### PoC

You can use a configuration like this in HAProxy:

```
listen w-send-proxy
    mode tcp
    log global
    option tcplog
    bind *:27654
    tcp-request connection set-src ipv4(1.1.1.1)
    server app1 ssh-piper-hostname:22 send-proxy
```

When connecting through HAProxy, sshpiper will log connections as originating from `1.1.1.1`. The proxy protocol data is designed to survive multiple load balancers or proxies and pass through to sshpiper at the end, so it should only be...

GHSA-jmqp-37m5-49wh: sshproxy vulnerable to SSH option injection

### Impact

Any user authorized to connect to an SSH server using `sshproxy` can inject options to the `ssh` command executed by `sshproxy`. All versions of `sshproxy` are impacted.

### Patches

The problem is patched starting on version 1.6.3.

### Workarounds

The only workaround is to use the `force_command` option in `sshproxy.yaml`, but it's rarely relevant.

### References

CrushFTP Directory Traversal

CrushFTP versions prior to 11.1.0 suffer from a directory traversal vulnerability.