Tag
#vulnerability
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token during its authentication flow, a value that identifies the Originating Party (IdP). This vulnerability may allow attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. OpenId Connect Authentication Plugin 4.355.v3a_fb_fca_b_96d4 checks the `iss` (Issuer) claim of an ID Token during its authentication flow when the Issuer is known.
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token during its authentication flow, a value to verify the token is issued for the correct client. This vulnerability may allow attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. OpenId Connect Authentication Plugin 4.355.v3a_fb_fca_b_96d4 checks the `aud` (Audience) claim of an ID Token during its authentication flow.
Jenkins provides APIs for fine-grained control of item creation: - Authorization strategies can prohibit the creation of items of a given type in a given item group (`ACL#hasCreatePermission2`). - Item types can prohibit creation of new instances in a given item group (`TopLevelItemDescriptor#isApplicableIn(ItemGroup)`). If an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk. This allows attackers with Item/Create permission to bypass these restrictions, creating a temporary item. With Item/Configure permission, they can also save the item to persist it. If an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.479, LTS 2.462.3 does not retain the item in memory.
### Impact The "download image from remote URL" feature can be abused by a malicious actor to potentially extract information about server side resources. Submitting a crafted URL (in place of a valid image) can raise a server side error, which is reported back to the user. This error message may contain sensitive information about the server side request, including information about the availability of the remote resource. ### Patches The solution to this vulnerability is to prevent the server from returning any specific information about the observed exception. Instead, a generic error message is returned to the client. This patch has been applied to the upcoming 0.17.0 release, and also back-ported to the 0.16.5 stable release. ### Workarounds To avoid this issue with unpatched versions, the "download image from remote URL" feature can be disabled in InvenTree, preventing users from accessing this information. ### References Thanks to @febin0x10 for identifying this vulne...
This article explores the Linux vulnerability discovered by Simone Margaritelli, which, according to cybersecurity companies Uptycs and Akamai,…
Proof of concept remote command execution exploit for CUPS that leverages the vulnerability outlined in CVE-2024-47176.
Ubuntu Security Notice 7051-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.
SeedDMS version 6.0.28 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 7047-1 - Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to bypass certain validations. Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resulting in a domain hijacking attack.
Ubuntu Security Notice 7050-1 - Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue to intercept and re-use a one-time password. Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled generating multi-factor authentication codes. An attacker could possibly use this issue to generate valid multi-factor authentication codes.