Updates to Red Hat Advanced Cluster Security for Kubernetes Cloud Service strengthen your security posture

Making sure your Kubernetes environment is secure and compliant is a critical, ongoing challenge, especially for enterprise workloads in the hybrid cloud. To help you meet security requirements with greater confidence and efficiency, we’ve just rolled out key updates to Red Hat Advanced Cluster Security for Kubernetes Cloud Service. This latest release helps significantly strengthen your security posture with newly added industry-standard certifications, including ISO 27001 and PCI DSS 4.0, and deeper integration with key AWS services. These enhancements are designed to streamline compliance

Red Hat Blog
RFK Jr. Orders HHS to Give Undocumented Migrants’ Medicaid Data to DHS

Plus: Spyware is found on two Italian journalists’ phones, Ukraine claims to have hacked a Russian aircraft maker, police take down major infostealer infrastructure, and more.

GHSA-7f8r-222p-6f5g: MCP Inspector proxy server lacks authentication between the Inspector client and proxy

Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities. Credit: Rémy Marot <[email protected]>

GHSA-x3c7-22c8-prg7: handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution

### Impact

goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

### Patches

The problem is patched with version 1.4.3.

### Workarounds

Patch `src/Goodby/CSV/Export/Standard/Collection/CallbackCollection.php`:

```diff
+ public function __wakeup() {
+ throw new \BadMethodCallException('Cannot unserialize ' . __CLASS__);
+ }
```

However, this is not directly exploitable; a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in goodby-csv.
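Review bot: the `__wakeup()` hunk carries no `@@` header or context lines, so anyone applying it by hand has to locate the `CallbackCollection` class body themselves; one line of surrounding context (the class declaration) would make it applicable with `patch`. Also note that since PHP 7.4 a class that defines `__unserialize()` has `__wakeup()` ignored, so this guard only blocks unserialization as long as `CallbackCollection` does not also implement `__unserialize()`.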

GHSA-jp4x-w9cj-97q7: XWiki allows remote code execution through preview of XClass changes in AWM editor

### Impact

Any XWiki user with edit right on at least one App Within Minutes application (the default for all users in XWiki) can obtain programming right/perform remote code execution by editing the application. The detailed reproduction steps can be found in the [original bug report](https://jira.xwiki.org/browse/XWIKI-22719).

### Patches

This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.

### Workarounds

Restricting edit rights on all existing App Within Minutes applications to trusted users mitigates at least the PoC exploit, but we can't exclude that there are other ways to exploit this vulnerability.

GHSA-j7p2-87q3-44w7: XWiki does not require right warnings for notification displayer objects

### Impact

When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationDisplayerClass` object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification displayer executes Velocity, the existing generic analyzer already warns admins before editing Velocity code. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9; before that version, this was a known issue and the advice was simply to be careful.

### Patches

This vulnerability has been patched in XWiki 15.10.16, 16.4.7, and 16.10.2 by adding a required rights analyzer that warns the admin before editing about the possibly malicious code.

### Workarounds

We're not aware of any real workarounds apart from just being careful when editing documents previously edited by untrusted users as a user with script, admin or programming right.

GHSA-9875-cw22-f7cx: XWiki allows remote code execution through default value of wiki macro wiki-type parameters

### Impact

Any user with edit right on a page (which could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. This can be exploited by overriding a macro like the `children` macro that is used in a page that has programming right, like the page `XWiki.ChildrenMacro`, and thus allows arbitrary script macros. The full reproduction steps can be found in the [original issue](https://jira.xwiki.org/browse/XWIKI-22760).

### Patches

This vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro's author when the parameter's value is the default value.

### Workarounds

We're not aware...

GHSA-jm43-hrq7-r7w6: XWiki allows privilege escalation through link refactoring

### Impact

Pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should never have been executed. This vulnerability affects all versions of XWiki since 8.2 and 7.4.5.

### Patches

The patch consists of only setting the `originalMetadataAuthor` when performing such a change, so that it's displayed in the history but has no impact on the right evaluation (i.e. the original author of the changes is still used for right computation). This patch has been applied on XWiki 16.4.7, 17.1.0RC1, 16.10.4.

### Workarounds

There's no workaround for this vulnerability, except preventing users with more than edit rights from performing any refactoring operation. Administrators are strongly advised to upgrade. If not possible, the patch only impacts module `xwiki-platform-refactoring-default`, so it's possible to apply the commit and rebuild and deploy only that mo...

GHSA-p67j-387g-75wc: OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.

GHSA-cf8v-5mrc-jv7f: OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.