Threat and Vulnerability Intelligence Database

Description: A declassified report from Romania's Intelligence Service says that the country's election infrastructure was targeted by more than 85,000 cyberattacks. [...]
Source: BleepingComputer
December 6th, 2024 (5 months ago)
Description: Summary: The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client side, which can be bypassed, making the application vulnerable to HTML Injection.
Details: The Comment feature implements a character filter on the client side; this can be bypassed by sending a request directly to the endpoint.
Example Request:
    PATCH /activity/comment/3 HTTP/2
    Host: directus.local

    { "comment": "TEST HTML INJECTION Test Link" }
Example Response:
    {
      "data": {
        "id": 3,
        "action": "comment",
        "user": "288fdccc-399a-40a1-ac63-811bf62e6a18",
        "timestamp": "2023-09-06T02:23:40.740Z",
        "ip": "10.42.0.1",
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36",
        "collection": "directus_files",
        "item": "7247dda1-c386-4e7a-8121-7e9c1a42c15a",
        "comment": "TEST HTML INJECTION Test Link",
        "origin": "https://directus.local",
        "revisions": []
      }
    }
Example Result:
Impact: With the introduction of session cookies this issue has become exploitable, as a malicious script is now able to perform authenticated actions on the current user's behalf.
References:
    https://github.com/directus/directus/security/advisories/GHSA-r6wx-627v-gh2f
    https://nvd.nist.gov/vuln/detail/CVE-2024-54128
    https://github.com/directus/directus/commit/4487fb18d5cb09e071b111d2dc0c9d6bcb437633
    https://github.com/directus/directus/comm...
Source: Github Advisory Database (NPM)
December 5th, 2024 (5 months ago)
Description: Impact: The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp, originally reported here: https://github.com/advisories/GHSA-9wv6-86v2-598j
Patches: Upgrade to 0.1.12.
Workarounds: Avoid using two parameters within a single path segment when the separator is not . (e.g. no /:a-:b). Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.
References:
    https://github.com/advisories/GHSA-9wv6-86v2-598j
    https://blakeembrey.com/posts/2024-09-web-redos/
    https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w
    https://blakeembrey.com/posts/2024-09-web-redos
    https://github.com/advisories/GHSA-rhx6-c78j-4q9w
Source: Github Advisory Database (NPM)
December 5th, 2024 (5 months ago)
Description: Summary: sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint.
Impact: This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead to a monitor/witness being unable to detect when compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. All cryptographic materials and identity information in the bundle must still be verified for the verification to pass. A valid signed entry timestamp is still required for verification to pass. sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.
Steps To Reproduce: Build the java sigstore-cli at v1.1.0
    git clone --branch v1.1.0 [email protected]:sigstore/sigstore-java
    cd sigstore-java
    ./gradlew :...
Source: Github Advisory Database (Maven)
December 5th, 2024 (5 months ago)
Description: Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.
Source: Dark Reading
December 5th, 2024 (5 months ago)
Description: A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. [...]
Source: BleepingComputer
December 5th, 2024 (5 months ago)
Description: A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there's a workaround.
Source: Dark Reading
December 5th, 2024 (5 months ago)
Description: At least 17 affiliate groups have used the "DroidBot" Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn.
Source: Dark Reading
December 5th, 2024 (5 months ago)
Description: U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. [...]
Source: BleepingComputer
December 5th, 2024 (5 months ago)