Tag
#ssl
### Summary Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1. ### Details While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating. https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425 is seemingly setting TLS 1.2 as minimum version, but the whole tlsConfig is ignored after "TLS cert reloader" was introduced in https://github.com/dexidp/dex/pull/2964. Configured cipher suites are not respected either, as seen on the output. ### PoC Build Dex, generate certs with `gencert.sh`, modify `config.dev.yaml` to run on https, using generated certs. ```console issuer: http://127.0.0.1:5556/dex storage: type: sqlite3 config: file: dex.db web: https: 127.0.0.1:5556 tlsCert: examples/k8s/ssl/cert.pem tlsKey: examples/k8s/ssl/key.pem <rest as default> ``` Run dex `bin/dex serve config.dev...
Debian Linux Security Advisory 5607-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Red Hat Security Advisory 2024-0399-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-0397-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing a valid username and password. Many products are vulnerable.
Red Hat Security Advisory 2024-0293-03 - Red Hat OpenShift Container Platform release 4.14.10 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-0292-03 - Red Hat build of MicroShift release 4.14.10 is now available with updates to packages and images that fix several bugs.
# Introduction This write-up describes a vulnerability found in [Label Studio](https://github.com/HumanSignal/label-studio), a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to `1.10.1` and was tested on version `1.9.2.post0`. # Overview [Label Studio](https://github.com/HumanSignal/label-studio) had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. This feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. # Description The following [code snippet in Label Studio](https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/uploader.py#L125C5-L146) showed that is a URL passed the SSRF verification checks, the contents of the file would be downloaded using the filename in the URL. ```python def tasks_from_url(file_upload_ids, project, u...
Red Hat OpenShift sandboxed containers (OSC) version 1.5.0, introduces Peer Pods to IBM Z and LinuxONE. This update is the product of a cooperation between IBM and Red Hat, and is an important step in improving sandboxed containers, paving the way for Confidential Containers. By integrating with IBM Z and LinuxONE, OpenShift sandboxed containers help tackle the challenges of providing more secure and efficient containerized applications in complex IT infrastructures.Understanding Peer Pods in OpenShiftPeer Pods have expanded the capabilities of OpenShift, allowing for the use of Kata Container
Ubuntu Security Notice 6593-1 - It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled certain certificate chains with a cross-signing loop. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.