Tag
#ssh
### Impact The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. ### Patches Editing symlink while changing the file name has been prohibited via the repository web editor (https://github.com/gogs/gogs/pull/7857). Users should upgrade to 0.13.1 or the latest 0.14.0+dev. ### Workarounds No viable workaround available, please only grant access to trusted users to your Gogs instance on affected versions. ### References n/a ### Proof of Concept 1. Create two repositories, upload something to the first repository, edit any file, and save it on the webpage. 2. In the second repository, create a symbolic link to the file you need to edit: ```bash $ ln -s /data/gogs/data/tmp/local-repo/1/.git/config test $ ls -la total 8 drwxr-xr-x 5 dd staff 160 Oct 27 19:09 . drwxr-xr-x 4 dd staff 128 Oct 27 19:06 .. drwxr-xr-x 12 dd staff 384 Oct 27 19:09 .git -rw-r--r-- 1 dd staff 12 O...
### Summary An **Improper URL Handling Vulnerability** allows an attacker to access sensitive local files on the server by exploiting the `file:///` protocol. This vulnerability is triggered via the **"real-browser"** request type, which takes a screenshot of the URL provided by the attacker. By supplying local file paths, such as `file:///etc/passwd`, an attacker can read sensitive data from the server. ### Details The vulnerability arises because the system does not properly validate or sanitize the user input for the URL field. Specifically: 1. The URL input (`<input data-v-5f5c86d7="" id="url" type="url" class="form-control" pattern="https?://.+" required="">`) allows users to input arbitrary file paths, including those using the `file:///` protocol, without server-side validation. 2. The server then uses the user-provided URL to make a request, passing it to a browser instance that performs the "real-browser" request, which takes a screenshot of the content at the given URL....
A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk.
A free VPN app called Big Mama is selling access to people’s home internet networks. Kids are using it to cheat in a VR game while researchers warn of bigger security risks.
SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…
IntroductionIn a previous article, I demonstrated how to configure the Automatic Certificate Management Environment (ACME) feature included in the Identity Management (IdM) Dogtag Certificate Authority (CA). Specifically, I covered installation of IdM with random serial numbers, and how to enable the ACME service and expired certificate pruning. This article explains the management of ACME (currently a technology preview) with IdM and Red Hat Enterprise Linux (RHEL) clients.Currently, mod_md is the only ACME client implementation completely supported and provided by Red Hat. For this article,
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and t...
The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations.
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: MOBATIME Equipment: Network Master Clock - DTS 4801 Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Network Master Clock - DTS 4801, a primary clock used to synchronize with secondary clocks, are affected: Network Master Clock - DTS 4801: FW Version 00020419.01.02020154 3.2 VULNERABILITY OVERVIEW 3.2.1 Use of Default Credentials CWE-1392 MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. CVE-2024-12286 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-...
Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Let’s look at seven ways to add