Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GHSA-m979-w9wj-qfj9: HashiCorp Vault Improper Privilege Management

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.

ghsa
Open in Source
#vulnerability#git
GHSA-j6vv-vv26-rh7c: HashiCorp Vault Improper Privilege Management

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.

Approaching Complex Data Security for Small Businesses

By Waqas Small businesses are faced with unique challenges in terms of data security. You don’t have the vast resources… This is a post from HackRead.com Read the original post: Approaching Complex Data Security for Small Businesses

GHSA-67m4-qxp3-j6hh: TrueLayer.Client SSRF when fetching payment or payment provider

### Impact The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. ### Patches Versions of TrueLayer.Client `v1.6.0` and later are not affected. ### Workarounds The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the TrueLayer.Client library.

GHSA-rv8p-rr2h-fgpg: @apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability

### Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this vulnerability, we implemented appropriate escaping to prevent javascript injection into rendered pages. ### Patches To fix this issue, please update to version 0.7.0 or later. ### Workarounds There are no known workarounds for this issue. Please update to version 0.7.0

GHSA-qhjf-hm5j-335w: @urql/next Cross-site Scripting vulnerability

## impact The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1

GHSA-997g-27x8-43rf: react-query-streamed-hydration Cross-site Scripting vulnerability

### Impact The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper handling of untrusted input when `@tanstack/react-query-next-experimental` performs server-side rendering of HTML pages. To fix this vulnerability, we implemented appropriate escaping to prevent javascript injection into rendered pages. ### Patches To fix this issue, please update to version 5.18.0 or later. ### Workarounds There are no known workarounds for this issue. Please update to version 5.18.0 or later.

GHSA-475g-vj6c-xf96: CrateDB database has an arbitrary file read vulnerability

### Summary There is an arbitrary file read vulnerability in the CrateDB database, and authenticated CrateDB database users can read any file on the system. ### Details There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. ### PoC ``` CREATE TABLE info_leak(info_leak STRING); COPY info_leak FROM '/etc/passwd' with (format='csv', header=false); or COPY info_leak FROM '/crate/config/crate.yml' with (format='csv', header=false); SELECT * FROM info_leak; ``` ![image](https://user-images.githubusercontent.com/154296962/292985975-ff5f2fb8-1a3f-4b49-9951-cd1fc6e78031.png) ### Impact This vulnerability affects all current versions of the CrateDB database. Attackers who exploit this vulnerability to obtain sensitive information may carry out further attacks, while a...

GHSA-rjmv-52mp-gjrr: vantage6 may create unencrypted tasks in encrypted collaboration

### Impact There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. ### Workarounds This is not an issue with the normal workflow, only if e.g. a user with the python client sets encryption to the wrong value.

GHSA-2wgc-48g2-cj5w: vantage6 has insecure SSH configuration for node and server containers

### Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to completely remove the ssh option as it is only used for debugging. Later, we can add a debug mode where we can activate it if necessary. ### Workarounds Remove the ssh part from the docker file and build your own docker image