Tag
#vulnerability
### Impact When combined with an attack of `JUJU_CONTEXT_ID`, any user on the local system with access to the default network namespace may connect to the `@/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket` and perform actions that are normally reserved to a juju charm. ### Patches Patch: https://github.com/juju/juju/commit/2f2ec128ef5a8ca81fc86ae79cfcdbab0007c206 Patched in: - 3.5.4 - 3.4.6 - 3.3.7 - 3.1.10 - 2.9.51 ### Workarounds No workarounds available. ### References [GHSA-mh98-763h-m9v4](https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4) https://github.com/juju/juju/blob/725800953aaa29dbeda4f806097bf838e61644dd/worker/uniter/paths.go#L222
### Impact Configuration supplied through `APP_CONFIG_*` environment variables, for example `APP_CONFIG_backend_listen_port=7007`, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the `APP_CONFIG_*` way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. ### Patches The issue has been resolved in version `0.3.75` of the `@backstage/plugin-app-backend` package. Users are encouraged to upgrade to this version to mitigate the vulnerability. ### Workarounds As a temporary measure, avoid supplying secrets using the `APP_CONFIG_` configuration pattern. Consider alternative methods for setting secrets, such as the [enviro...
For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem
Singapore, Singapore, 3rd October 2024, CyberNewsWire
Torrance, United States / California, 3rd October 2024, CyberNewsWire
Businesses that successfully manage the complexities of multicloud management will be best positioned to thrive in an increasingly digital and interconnected world.
Ubuntu Security Notice 7021-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and Service Providers are using it for data storage, backup storage, creating and managing virtual machines and software-defined networks, running cloud-native applications in production environments. This Metasploit module exploits a default password vulnerability in ACI which allow an attacker to access the ACI PostgreSQL database and gain administrative access to the ACI Web Portal. This opens the door for the attacker to upload SSH keys that enables root access to the appliance/server. This attack can be remotely executed over the WAN as long as the PostgreSQL and SSH services are exposed to the outside world. ACI versions 5.0 before build 5.0.1-61, 5.1 before build 5.1.1-71, 5.2 before build 5.2.1-69, 5.3 before build 5.3.1-53, and 5.4 before build 5.4.4-132 are vulnerable.
dizqueTV version 1.5.3 suffers from a remote code execution vulnerability.
Ubuntu Security Notice 7052-1 - It was discovered that GNOME Shell mishandled extensions that fail to reload, possibly leading to extensions staying enabled on the lock screen. An attacker could possibly use this issue to launch applications, view sensitive information, or execute arbitrary commands. It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked.