Tag
#vulnerability
Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.
### Summary

A vulnerability has been discovered in the handling of the referrer header in the application, which could allow an attacker to conduct open redirects. The issue arises from improper validation of the referrer header in certain conditions. By manipulating the referrer header, an attacker could potentially redirect users to malicious websites, phishing pages, or other dangerous destinations.

### PoC

If you change the referer header, you will be redirected to that domain without verification.

https://github.com/Clinical-Genomics/cg/blob/master/cg/server/invoices/views.py#L173

### Impact

An attacker exploiting this vulnerability could trick users into visiting malicious websites or disclose sensitive information by redirecting them to unintended destinations. This could lead to various attacks including phishing, malware distribution, or further exploitation of other vulnerabilities.
### Summary

Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands.

### Details

Since [#26848](https://github.com/renovatebot/renovate/pull/26848), `registryAliases` has become mergeable. This means that the helmv3 manager started honoring its value and uses a `helm repo add <key> <parameters>` command for each defined alias. See source code: https://github.com/renovatebot/renovate/blob/23f3df6216375cb5bcfe027b0faee304f877f891/lib/modules/manager/helmv3/artifacts.ts#L80

The key was not quoted, leading to the ability to use variable references (`$FOO`) in it and have them printed by Renovate on the pull request, or even running any shell commands.

### PoC

Inside a repository where Renovate runs, add a Helm chart with an outdated dependency, for example:

test-chart/Chart.yaml:

```
apiVersion: v2
name: redis
version: 1.0.0
dependencies:
  - name: redis
    version: 18.13.10
    repository: oc...
```
By Waqas. Coffee with Double Brew of Trouble! This is a post from HackRead.com. Read the original post: Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins
Debian Linux Security Advisory 5673-1 - Charles Fol discovered that the iconv() function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service (application crash) or the execution of arbitrary code.
Ubuntu Security Notice 6746-1 - It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled endpoints. The SQL injection vulnerability is due to user-controlled strings which can be sent directly into database queries. FcmDaemon.exe is the main service responsible for communicating with enrolled clients. By default it listens on port 8013 and communicates with FCTDas.exe, which is responsible for translating requests and sending them to the database. In the message header of a specific request sent between the two services, the FCTUID parameter is vulnerable to SQL injection. It can be used to enable xp_cmdshell, which can then be used to obtain unauthenticated remote code execution in the context of NT AUTHORITY\SYSTEM. Upgrading to either 7.2.3, 7.0.11 or above is recommended by Fo...
Debian Linux Security Advisory 5672-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10.
Ubuntu Security Notice 6728-3 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update.