Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Shibboleth Service Provider Security Advisory \[12 June 2023\] An updated version of the XMLTooling library that is part of the OpenSAML and Shibboleth Service Provider software is now available which corrects a server-side request forgery (SSRF) vulnerability. Parsing of KeyInfo elements can cause remote resource access. ============================================================= Including certain legal but "malicious in intent" content in the KeyInfo element defined by the XML Signature standard will result in attempts by the SP's shibd process to dereference untrusted URLs. While the content of the URL must be supplied within the message and does not include any SP internal state or dynamic content, there is at minimum a risk of denial of service, and the attack could be combined with others to create more serious vulnerabilities in the future. This issue is \*not\* specific to the V3 XMLTooling software and is believed to impact all versions prior to V3.2.4. Recommendations =============== Update to V3.2.4 or later of the XMLTooling library, which is now available. Note that on Linux and similar platforms, upgrading this component will require restarting the shibd process to correct the bug. The updated version of the library has been included in a V3.4.1.3 patch release of the Service Provider software on Windows. Other Notes =========== The xmltooling git commit containing the fix for this issue is 6080f6343f98fec085bc0fd746913ee418cc9d30 and may be in general terms applicable to V2 of the library. Credits ======= Juriën de Jong, an independent security researcher in the Netherlands URL for this Security Advisory: https://shibboleth.net/community/advisories/secadv\_20230612.txt -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE3KoVAHvtneaQzZUjN4uEVAIneWIFAmSHDk4ACgkQN4uEVAIn eWKdwg/9H2DoBB5xU53ZkNPHQW2MLHvhT/EKXp+1TfL1YD6fpqBrsY1A4pJmwamA U/PRkEGV7EitP0AJZ+lWxJoMcDupu8wsPh2nm0MJUUcgkuYdD38/ixyLs1HQ4jwT SMDQsfTDlEZvbMqdr7B20HxzIGU/bX8pxgvkP1IyclfiSOBIPdbDOQG3OvdZYl5u aJv0mACkPkiH1/JbRI9ODm3zYpwe8C2vpPyBhNrOARB9QzdogN2zx7l5xDyUiHtC YJHWnSMUEn9xvZJUTS+dHZpCmh2R3cpxmbL7WsT5xHq/LH7UUXELwcOiCgUNQgDn rz5lwF2FpXKw4qQ8u49Emqjb9pqPOD+OT1gRc/j3oibqINQunmrdjWt4m8MAK6Bh eS4S3zjGw7JNfaO91PV2TYypYf6hSqGemQBlCmnVHTZqVf068S87ZpFyG1F/VRB5 voEbdoOMBVGpeaan8snRoQTHEMG/tUdlmL7g076NvExH8W9dmhcWW/SiP/gWQ8ko NdUKfqYxONOBCDOlBzC9lBk6D106qbcCsnInwBHdPvWlX36M56oZU/DjV/lNMK+Y j2HS3DtBWxX+1nsrg/DLzyi+8ULOqbawyOqCaaolVjZzTOHGFwpd35XYblyb3iwb JbpmuRuk5cHGTwlHwXNI/5FzECOOe4KMLUzvrgzSiTWU89XBQ1M= =XkeU -----END PGP SIGNATURE-----

CVE-2023-36661

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

**Moodle vulnerable to Server Side Request Forgery**

Moderate severity GitHub Reviewed Published Jun 22, 2023 to the GitHub Advisory Database • Updated Jun 27, 2023

GHSA-xxp4-mf4h-6cwm: Moodle vulnerable to Server Side Request Forgery

CVE-2023-35133

OX App Suite suffers from server-side request forgery, command injection, uncontrolled resource consumption, code injection, authorization bypass, and insecure storage vulnerabilities. Various versions in the 7.10.x and 8.x branches are affected.

Internal reference: MWB-1994  
Type: CWE-922 (Insecure Storage of Sensitive Information)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39  
First fixed revision: OX App Suite backend 7.10.6-rev40  
Discovery date: 2023-01-09  
Solution date: 2023-03-10  
Disclosure date: 2023-06-20  
Researcher credits: Tim 'foobar7' Coen  
CVE: CVE-2023-26427  
CVSS: 3.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)

Details:  
Weak default permissions for noreply.properties. Default permissions for a properties file were too permissive.

Risk:  
Local system users could read potentially sensitive information. No publicly available exploits are known.

Solution:  
We updated the default permissions for noreply.properties set during package installation.

---

Internal reference: MWB-2008  
Type: CWE-639 (Authorization Bypass Through User-Controlled Key)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.9  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.10  
Discovery date: 2023-01-17  
Solution date: 2023-03-10  
Disclosure date: 2023-06-20  
Researcher credits: Tim 'foobar7' Coen  
CVE: CVE-2023-26428  
CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Details:  
Access to other users signatures is not checked. Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context.

Risk:  
Signatures of other users could be read even though they are not explicitly shared. No publicly available exploits are known.

Solution:  
We improved permission handling when requesting snippets that are not explicitly shared with other users.

---

Internal reference: MWB-2019  
Type: CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.11  
Discovery date: 2023-01-23  
Solution date: 2023-03-09  
Disclosure date: 2023-06-20  
Researcher credits: Tim 'foobar7' Coen  
CVE: CVE-2023-26429  
CVSS: 3.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N)

Details:  
User-feedback not sanitized for control characters. Control characters were not removed when exporting user feedback content.

Risk:  
This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. No publicly available exploits are known.

Solution:  
We now drop all control characters that are not whitespace character during the export.

---

Internal reference: MWB-2038  
Type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.11  
Discovery date: 2023-02-07  
Solution date: 2023-03-16  
Disclosure date: 2023-06-20  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26431  
CVSS: 5.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Details:  
SSRF through bypassing denylists via IPV4-mapped IPv6 addresses. IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made.

Risk:  
Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. No publicly available exploits are known.

Solution:  
We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list.

---

Internal reference: MWB-2046  
Type: CWE-400 (Uncontrolled Resource Consumption)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.11  
Discovery date: 2023-02-13  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
CVE: CVE-2023-26432  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Details:  
SMTP capabilities allow excessive memory usage. When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes.

Risk:  
Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. No publicly available exploits are known.

Solution:  
We now limit accepted SMTP server response to reasonable length/size.

---

Internal reference: MWB-2047  
Type: CWE-400 (Uncontrolled Resource Consumption)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.11  
Discovery date: 2023-02-13  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
CVE: CVE-2023-26433  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Details:  
IMAP capabilities allow excessive memory usage. When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes.

Risk:  
Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. No publicly available exploits are known.

Solution:  
We now limit accepted IMAP server response to reasonable length/size.

---

Internal reference: MWB-2048  
Type: CWE-400 (Uncontrolled Resource Consumption)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39  
First fixed revision: OX App Suite backend 7.10.6-rev40  
Discovery date: 2023-02-13  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
CVE: CVE-2023-26434  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Details:  
POP3 capabilities allow excessive memory usage. When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes.

Risk:  
Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. No publicly available exploits are known.

Solution:  
We now limit accepted POP3 server response to reasonable length/size.

---

Internal reference: DOCS-4662  
Type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite office 7.10.6-rev7  
First fixed revision: OX App Suite office 7.10.6-rev8  
Discovery date: 2023-01-09  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
Researcher credits: Icare  
CVE: CVE-2023-26435  
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Details:  
SSRF using ODT files and "draw" XML fragments. It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents.

Risk:  
Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. No publicly available exploits are known.

Solution:  
We have improved existing content filters and validators to avoid including any local resources.

---

Internal reference: DOCS-4701  
Type: CWE-94 (Improper Control of Generation of Code ('Code Injection'))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite office 7.10.6-rev7  
First fixed revision: OX App Suite office 7.10.6-rev8  
Discovery date: 2023-02-03  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26436  
CVSS: 8.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Details:  
Insecure Deserialization on documentconverterws API lead to Remote Code Execution. Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default.

Risk:  
Arbitrary code could be injected that is being executed when processing the request. No publicly available exploits are known.

Solution:  
A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes.

OX App Suite SSRF / Resource Consumption / Command Injection

Debian Linux Security Advisory 5432-1 - Jurien de Jong discovered that the parsing of KeyInfo elements within the XMLTooling library may result in server-side request forgery.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5432-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
June 18, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xmltooling  
CVE ID         : not yet available

Jurien de Jong discovered that the parsing of KeyInfo elements within the  
XMLTooling library may result in server-side request forgery.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 3.2.0-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 3.2.3-1+deb12u1.

We recommend that you upgrade your xmltooling packages.

For the detailed security status of xmltooling please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/xmltooling

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSPGPcACgkQEMKTtsN8  
TjanjBAAhqxtCzyFtq+6RTqDKjIU5jNsKlfpT6PDn9mp5JPmS3+oGidBewSo9/+V  
LA3vu3FN7lMAIS+krVTz5ZcK7Yeq4bbLYEA9uy1GXpGx1UZey1yYiH97IopDIdDh  
x1LEd/FzZvp7kNUf8r8skJC4fUm4h84OHdITSfdJskm32qGyThwaV3PtLdZTfwTO  
5UZhfW9lVrRAvtjQmj15rcZbvRLGqn/WESGvbRNS4YutXQo85v6JHGIV8xD54uGA  
VSEJap4YbeZHN1afsJHwK+D/19daU9wXphV8VmgR6J0w6O8YOiFbAcQbzWDoKorl  
mMbZ6C5z4nCBakp9cE4Z5FWIkcMq8oW5yVpSmCl9aVBz756IVH0bLNRS6lyBPQjX  
nUeegqgc2nVW1dqG2gPpULz83yHqMBQbso7cQZMk42iH3+9rsimjYIg0vvh48JQj  
kQopct6LEl/PlEcYgW5H3cHxrGXAeCE61OiZdsdIkeuuWrUh4N2q8bevk3Qzo0bt  
VEUrELoXhjHc3QpobbrNFp8VpoH0mzd1tIaT5fVLwqmLFr22zBLpuXnV3SsZEDnS  
TvYcahuRmn9IedLcYXanNTPxHU+r0KyhlvyvRA3qRQd/bmhQZQK+NuUWZBhfV2ft  
hgvG3k1R0Sc4HzYuHEuPJu3CsCSkdXJm/Gjf0vMf+dButYxczdI=  
=7FBV  
-----END PGP SIGNATURE-----

Debian Security Advisory 5432-1

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

TP-Link Archer AX10(EU)\_V1.2\_230220 Buffer Overflow

Posted Jun 16, 2023

Authored by Giuseppe Compare

TP-Link Archer version AX10(EU)\_V1.2\_230220 suffers from a buffer overflow vulnerability.

tags | advisory, overflow

Download | Favorite | View

QuickJob Portal 6.1 Cross Site Scripting

Posted Jun 16, 2023

Authored by CraCkEr

QuickJob Portal version 6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

Download | Favorite | View

Quicklancer Freelance Marketplace 2.4 Cross Site Scripting

Posted Jun 16, 2023

Authored by CraCkEr

Quicklancer Freelance Marketplace version 2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss

Download | Favorite | View

QuickHomes Real Estate CMS 1.3 Cross Site Scripting

Posted Jun 16, 2023

Authored by CraCkEr

QuickHomes Real Estate CMS version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

Download | Favorite | View

Debian Security Advisory 5431-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5431-1 - Xu Biang discovered that missing input sanitizing in Sofia-SIP, a SIP User-Agent library could result in denial of service.

tags | advisory, denial of service

systems | linux, debian

Download | Favorite | View

Ubuntu Security Notice USN-6156-2

Posted Jun 16, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6156-2 - USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used. This update fixes the problem. It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.

tags | advisory, remote

systems | linux, ubuntu

Download | Favorite | View

Debian Security Advisory 5430-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5430-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.

tags | advisory, java, denial of service, vulnerability, info disclosure

systems | linux, debian

Download | Favorite | View

Red Hat Security Advisory 2023-3644-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

tags | advisory

systems | linux, redhat

Download | Favorite | View

Red Hat Security Advisory 2023-3645-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service

systems | linux, redhat

Download | Favorite | View

Ubuntu Security Notice USN-6169-1

Posted Jun 16, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6169-1 - It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds reads if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information.

tags | advisory, remote, denial of service

systems | linux, ubuntu

Download | Favorite | View

Red Hat Security Advisory 2023-3641-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3641-01 - This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. Issues addressed include denial of service, deserialization, resource exhaustion, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability

systems | linux, redhat

Download | Favorite | View

Red Hat Security Advisory 2023-3642-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss

systems | linux, redhat

Download | Favorite | View

Debian Security Advisory 5429-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, protocol

systems | linux, debian

Download | Favorite | View

Ubuntu Security Notice USN-6168-1

Posted Jun 16, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6168-1 - Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.

tags | advisory, remote, denial of service

systems | linux, ubuntu

Download | Favorite | View

Debian Security Advisory 5428-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5428-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure

systems | linux, debian

Download | Favorite | View

Red Hat Security Advisory 2023-3622-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3622-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, denial of service, information leakage, insecure permissions, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, csrf

systems | linux, redhat

Download | Favorite | View

Red Hat Security Advisory 2023-3624-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service

systems | linux, redhat

Download | Favorite | View

Red Hat Security Advisory 2023-3623-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3623-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages include numerous enhancements and bug fixes. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss

systems | linux, redhat

Download | Favorite | View

Ubuntu Security Notice USN-6155-2

Posted Jun 16, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6155-2 - USN-6155-1 fixed a vulnerability in Requests. This update provides the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM. Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote

systems | linux, ubuntu

Download | Favorite | View

Suricata IDPE 6.0.13

Posted Jun 16, 2023

Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 1 security fix, 11 bug fixes, 1 task, and 2 documentation updates.

tags | tool, intrusion detection

systems | unix

Download | Favorite | View

Debian Security Advisory 5427-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5427-1 - An anonymous researcher discovered that processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

tags | advisory, web, arbitrary, code execution

systems | linux, debian, apple

Download | Favorite | View

Red Hat Security Advisory 2023-3610-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3610-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, memory exhaustion, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf

systems | linux, redhat

Download | Favorite | View

Textpattern CMS 4.8.8 Command Injection

Posted Jun 16, 2023

Authored by tmrswrr

Textpattern CMS version 4.8.8 suffers from a command injection vulnerability.

tags | exploit

Download | Favorite | View

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

Posted Jun 16, 2023

Authored by ayantaker | Site github.com

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit.

tags | exploit, proof of concept, bypass

Download | Favorite | View

Red Hat Security Advisory 2023-3609-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3609-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory

systems | linux, redhat

Download | Favorite | View

CVE-2023-30223: Packet Storm

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).

**Comprehensive B2B Integration Made Simple**

Integrate EDI, MFT, and API workflows with your application infrastructure in the cloud or on-premises — no code required.

Try It Now    Watch the Video

**Automate Your B2B Workflows with External Trading Partners and Internal Applications**  

**No-Code Integrations**

Simplify end-to-end integration using a library of prebuilt industry workflows to rapidly connect external trading partners with all your files, apps, and processes.

B2B Integration

**Certified Managed File Transfer**

Drummond Certified for AS2 messaging & file transfer, supporting major MFT standards like AS2, AS4, OFTP, SFTP, and more.

Managed File Transfer

**API and Application Integration**

Seamlessly connect with external partner APIs, internal applications, and services without custom coding and endless maintenance.

API Integration

**EDI Integration**

No matter your industry-specific EDI requirements, CData Arc supports every major EDI standard and protocol, including X12, HL7, FHIR, and EDIFACT.

Electronic Data Interchange

**Best-in-Class Connectivity**

CData boasts the industry's largest catalog of connectivity solutions, giving you access to 85+ applications and 250+ data sources.

Application & Data Connectors

**No-Code B2B Integration**

Our visual, drag-and-drop interface enables integration without specialized B2B developer skills.

**Connect Everything**

CData Arc is certified for all industry protocols and transports, in addition to 85+ connectors to internal, external, and SaaS systems.

**End-to-End Integration**

Wherever you work, get started instantly in the cloud, via marketplaces like AWS and Azure, or via download.

**10,000 Companies Worldwide Rely on CData Connectivity**

"Exceptional. They have repeatedly surprised me."

"Hated EDI…then I found Arc."

"The breadth of features is amazing"

**Organizations Across Every Industry Benefit from Seamless B2B Integration**

Automating key B2B processes can simplify trading amongst customers, suppliers, and business partners, giving your business a competitive edge in the market.

**E-Commerce**

CData Arc gives you the tools to quickly onboard partners, automate order processing, and manage all your EDI partner integrations in one place — while slashing EDI costs up to 90%.

Learn More

**Healthcare**

Meet stringent interoperability and compliance requirements as you securely and automatically share files, documents, and data across healthcare providers, suppliers, insurers, and more.

Learn More

**Retailers**

Simple, transparent, and affordable way to understand inventory levels, fulfill and ship orders on time, and onboard and manage your supplier and trading partner ecosystem.

Learn More

**Suppliers**

CData Arc helps you connect with any retailer over certified AS2, centrally manage all your EDI connections, and fully automate EDI document generation to comply with any retailer specs.

Learn More

**More Resources**

**Blogs**

How to Make E-Commerce Part of Your B2B Ecosystem

Read More

**Case Studies**

Horizon Blue Cross Blue Shield Meets FHIR Interoperability Standards with CData Arc

Read More

Real-Time Data Integration Helps Orange County Streamline Communication with Constituents

Read More

Tangentia Migrates to CData Arc for Simplified EDI Mapping

Read More

**Videos**

CData Arc Cloud: Next Generation B2B Integration

Register Now

On-Demand Webinar: Solutions for Salesforce Integrations

Watch Now

On-Demand Webinar: Build E-Commerce Workflows in Minutes

Watch Now

CVE-2023-24243: CData Arc- Secure Data Integration & Managed File Transfer (MFT)

Red Hat Security Advisory 2023-3641-01 - This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. Issues addressed include denial of service, deserialization, resource exhaustion, and server-side request forgery vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release  
Advisory ID:       RHSA-2023:3641-01  
Product:           Red Hat Integration  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3641  
Issue date:        2023-06-15  
CVE Names:         CVE-2022-25857 CVE-2022-38749 CVE-2022-38750  
                   CVE-2022-38751 CVE-2022-38752 CVE-2022-40152  
                   CVE-2022-40156 CVE-2022-41854 CVE-2022-42003  
                   CVE-2022-42004 CVE-2022-45047 CVE-2022-46363  
                   CVE-2022-46364 CVE-2023-1370 CVE-2023-1436  
                   CVE-2023-20883  
====================================================================  
1. Summary:

Camel for Spring Boot 3.18.3 Patch 2 release and security update is now  
available.

Red Hat Product Security has rated this update as having an impact of  
Important. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for  
Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements,  
which are documented in the Release Notes linked in the References. The  
purpose of this text-only errata is to inform you about the security issues  
fixed.

* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)

* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40152)

* xstream: Xstream to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40156)

* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow  
(CVE-2022-41854)

* snakeyaml: Denial of Service due to missing nested depth limitation for  
collections (CVE-2022-25857)

* sshd-common: mina-sshd: Java unsafe deserialization vulnerability  
(CVE-2022-45047)

* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart  
(Resource Exhaustion) (CVE-2023-1370)

* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

* jackson-databind: deep wrapper array nesting wrt  
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

* snakeyaml: Uncaught exception in  
org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)

* snakeyaml: Uncaught exception in  
org.yaml.snakeyaml.constructor.BaseConstructor.constructObject  
(CVE-2022-38750)

* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match  
(CVE-2022-38751)

* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode  
(CVE-2022-38752)

* snakeyaml: Denial of Service due to missing nested depth limitation for  
collections (CVE-2022-25857)

* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)

* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections  
2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode  
2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject  
2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match  
2129710 - CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode  
2134288 - CVE-2022-40156 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks  
2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks  
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS  
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays  
2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability  
2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow  
2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration  
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability  
2182788 - CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray  
2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)  
2209342 - CVE-2023-20883 spring-boot: Spring Boot Welcome Page DoS Vulnerability

5. References:

https://access.redhat.com/security/cve/CVE-2022-25857  
https://access.redhat.com/security/cve/CVE-2022-38749  
https://access.redhat.com/security/cve/CVE-2022-38750  
https://access.redhat.com/security/cve/CVE-2022-38751  
https://access.redhat.com/security/cve/CVE-2022-38752  
https://access.redhat.com/security/cve/CVE-2022-40152  
https://access.redhat.com/security/cve/CVE-2022-40156  
https://access.redhat.com/security/cve/CVE-2022-41854  
https://access.redhat.com/security/cve/CVE-2022-42003  
https://access.redhat.com/security/cve/CVE-2022-42004  
https://access.redhat.com/security/cve/CVE-2022-45047  
https://access.redhat.com/security/cve/CVE-2022-46363  
https://access.redhat.com/security/cve/CVE-2022-46364  
https://access.redhat.com/security/cve/CVE-2023-1370  
https://access.redhat.com/security/cve/CVE-2023-1436  
https://access.redhat.com/security/cve/CVE-2023-20883  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version 23-Q2

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZItdGNzjgjWX9erEAQhc7A/+PfKtOHtO40HR87HLkZdBROVscSVLLgYJ  
y0yTSOnpx2ccBCkpvEA6+7nzu8l3IZFrmAuSkzMJN84oWVyrzRi+BcrAfAB0J7Il  
ItShHVcEJvSzNDrDb9BZ37awga9w/rEkx6h8DwdItClBIlGyaTHhL7dF1XrWSbti  
1Nes6J/FSTVjiW7PDbjb3IL9wB6NAkU+X0vJaOn9DWiInOiAlttaxdupy4GfwO7c  
5tg4po/h2IxCcz7TEHri+Oiyucc014cedEeSizguKqYs16rspagFZGYcM460Qrg/  
cYRPU6NwcYc/tfDubiWle3U7hYbzmY6+DffVS9ksTXz66W2jwWkn1SRJTnk4RsC8  
hWnbxkYcPL24T3gCivZyrRgIX3VDi3RNRR7aYzNR+fWi790noi4Zz0smnO95w2XA  
vyfIRZLfCsgWnKPWo2E8tzanm3jfyorpBao6HvMeKcFhfPFV7Y8ERDNDoS7huU4H  
67NWwTThGGNawChpLxCOkhaIB/tPMAU9EulswBZbRpRXWXaTG8+/OCGO4dZ3x+Wq  
RKybaXvqhIFFITP4gu5XraX/Y/ZbxRi9Qp0w7L0X3lvDE8GQqu2rZ2nSh9oRRKJE  
g7/7LGWtHMS8GfcvnBdlbl1a4NXKLkfLZjaZytAjoj9Yr2A8blAIe8fjRpan8Xmq  
s4LHK2NgW6M=jD7D  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3641-01

Red Hat Security Advisory 2023-3609-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Data Foundation 4.12.4 security and Bug Fix update  
Advisory ID:       RHSA-2023:3609-01  
Product:           RHODF  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3609  
Issue date:        2023-06-14  
CVE Names:         CVE-2022-2795 CVE-2022-3172 CVE-2022-36227   
                   CVE-2022-40023 CVE-2023-2491 CVE-2023-27535   
=====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat  
OpenShift Data Foundation 4.12.4 on Red Hat Enterprise Linux 8 from Red Hat  
Container Registry.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated  
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat  
OpenShift Data Foundation is a highly scalable, production-grade persistent  
storage for stateful applications running in the Red Hat OpenShift  
Container Platform. In addition to persistent storage, Red Hat OpenShift  
Data Foundation provisions a multi-cloud data management service with an  
S3-compatible API.

Security Fix(es):

* kube-apiserver: Aggregated API server can cause clients to be redirected  
(SSRF) (CVE-2022-3172)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug fixes:

* Previously, when a sub-directory was created, it would always use its  
parent’s non-projected `gid`/`uid` metadata to set up its own `gid`/`uid`  
metadata. If the journal logs were not flushed, it would always retrieve  
the old `gid`/`uid` metadata.

With this fix, sub-directory uses the projected `gid`/`uid` metadata and as  
a result, the sub-directories inherit the correct `gid`/`uid` metadata from  
its parent. (BZ#2182943)

* Previously, stale RADOS block device (RBD) images were left in the  
cluster as there was some trouble deleting the the RBD image due to  
"numerical result is out of range" error. With this fix, the number of  
trash entries list is increased in go-ceph. So, stale RBD images are not  
found in the Ceph cluster. (BZ#2195989)

* Previously, Multicloud Object Gateway (MCG) Key Management Service (KMS)  
encryption was enabled even when the clusterwide encryption was not enabled  
and only with the KMS encryption enabled. This was because MCG encryption  
was set to enable when one of these conditions was true:  
* storagecluster.Spec.Encryption.Enable  
* storagecluster.Spec.Encryption.ClusterWide  
* storagecluster.Spec.Encryption.KeyManagementService.Enable. 

With this fix, MCG encryption is enabled only when the storagecluster spec  
has KMS enabled and any one of the following conditions is true:  
* Encryption.Enabled OR  
* Encryption.ClusterWide is true OR  
* MCG is in Standalone mode  
As a result, MCG is encrypted appropriately. (BZ#2192596)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to  
these updated images, which provide these bug fixes.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2127804 - CVE-2022-3172 kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)  
2182943 - [GSS] [Tracker for Ceph https://bugzilla.redhat.com/show_bug.cgi?id=2189936] FSGroup is not correctly set on subPath volume for CephFS CSI  
2188331 - [IBM Z ] DR operator is not available in the Operator Hub  
2192596 - [Backport-4.12.z][KMS][VAULT] Storage cluster remains in 'Progressing' state during deployment with storage class encryption, despite all pods being up and running.  
2195989 - timeout during waiting for condition. "error preparing volumesnapshots"  
2208477 - Update to RHCS 5.3z3 Ceph container image at ODF-4.12.4

5. References:

https://access.redhat.com/security/cve/CVE-2022-2795  
https://access.redhat.com/security/cve/CVE-2022-3172  
https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2022-40023  
https://access.redhat.com/security/cve/CVE-2023-2491  
https://access.redhat.com/security/cve/CVE-2023-27535  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIpfp9zjgjWX9erEAQjLKw/9HJueGsph1kaWEcwJzpb8r48GDd5btu7+  
Ov+vQcFeZJLMGSywpLW9/UFozO/kmoKcnXteN39Af/685wd4zN4Zj2WsLqOZflIF  
L0cCmXI1fQhcVTjwE4j5ZGQN1d+Hs/FlXa0zstXBaS1x86S1yjL3ofEn4wClyYdc  
f84MSjKbe7c5mqOTyaq6pVgczoE/pJR9ddZv70nAyRXFNMeI9uUbg29+DHcMCTX7  
dwJD/9SGCUkOFlMV2mkgtb+Hhd2bUOiOh9SkQ+jTIibeu4dyP2nK4MFyzp3EDebF  
hUS8WFCLHtdwCWipSnbcKN4ca8cOHcFjGlCA8FcUeZkLixpN1LCWnYnIk8I3F290  
UD2eQzYt7YYtYfcg16UvDyFZaPqW81aeMV44o3zaHjv2qcLrB5++eKOj7U9zUW6X  
MCaQgh/mJuCBuFm0RCULpqv2Gr4N0y/VEQkpkV0fDlmZgy7I9p3REyIs5OrBDApq  
BYrv229C8GU94YCMieRKo/hwEJ4i6dCbrm9Ra7CxckVI7Qnx69E7oQSgZ1TYT/G3  
/7ZkoOVrwst/VPIGCky/yMKKnmt0fKgoD/S8d0fOsPNfmBNuWw1zXuciT5AfZ4xp  
TVjBkMm+UFYCu5N0LvEdmMpZ2rV9q+NFj9MGuMyp1tBMvp1cBS2a10q/gdw3HbQX  
deHgbsVrN2g=  
=hTv2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3609-01

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tag

#ssrf