Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities.
November 27th, 2024 (5 months ago)
|
|
|
Description: Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities.
November 27th, 2024 (5 months ago)
|
|
|
Description: Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.
November 27th, 2024 (5 months ago)
|
|
|
Description: HAProxy contains a HTTP request/response smuggling vulnerability.
November 27th, 2024 (5 months ago)
|
|
|
Description: Summary
The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the creation of accounts with passwords as short as a single character.
Details
When an email messaging provider is enabled and a new user account is created in the system, an invite email containing a special link is sent to the new user's email address. This link directs the new user to a page where they can set their initial password. While the user interface implements password complexity checks, these validations are only performed client-side. The underlying /api/v1/user/accept-invite API endpoint does not implement the same password policy validations.
Impact
This vulnerability allows an invited user to set an extremely weak password for their own account during the initial account setup process. Therefore that specific user's account can be compromised easily by an attacker guessing or brute forcing the password.
Patches
The vulnerability has been patched in Fides version 2.50.0. Users are advised to upgrade to this version or later to secure their systems against this threat.
Workarounds
There are no workarounds.
Severity
This vulnerability has been assigned a severity of LOW.
Using CVSS v3.1 it could be scored as CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N (5.7 Medium/Moderat...
November 27th, 2024 (5 months ago)
|
|
|
Description: Summary
lobe-chat before 1.19.13 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information.
Details
visit https://chat-preview.lobehub.com/
click settings -> llm -> openai
fill the OpenAI API Key you like
fill the proxy address that you want to attack (e.g. a domain that resolved to a local ip addr like 127.0.0.1.xip.io) (the address will concat the path "/chat/completions" which can be bypassed with sharp like "http://172.23.0.1:8000/#")
then lobe will echo the ssrf result
The jwt token header X-Lobe-Chat-Auth strored proxy address and OpenAI API Key, you can modify it to scan internal network in your target lobe-web.
PoC
POST /api/chat/openai HTTP/2
Host: chat-preview.lobehub.com
Cookie: LOBE_LOCALE=zh-CN; LOBE_THEME_PRIMARY_COLOR=undefined; LOBE_THEME_NEUTRAL_COLOR=undefined; _ga=GA1.1.86608329.1711346216; _ga_63LP1TV70T=GS1.1.1711346215.1.1.1711346244.0.0.0
Content-Length: 158
Sec-Ch-Ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-Lobe-Chat-Auth: eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NDb2RlIjoiIiwiYXBpS2V5IjoiMSIsImVuZHBvaW50IjoiaHR0cDovLzEyNy4wLjAuMS54aXAuaW86MzIxMCIsImlhdCI6MTcxMTM0NjI1MCwiZXhwIjoxNzExMzQ2MzUwfQ.ZZ3v3q9T8E6llOVGOA3ep5OSVoFEawswEfKtufCcwL4
Content-Type: application/json
X-Lobe-Trace: eyJlbmFibGVkIjpmYWxzZX0=
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, ...
November 27th, 2024 (5 months ago)
|
|
|
Description: Impact
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the authentication flow of the application. This issue arises due to improper sanitization of the URL parameters, allowing the URL bar's contents to be injected and reflected into the HTML page. An attacker could craft a malicious URL to execute arbitrary JavaScript in the browser of a victim who visits the link.
Who is impacted?
Any application utilizing this authentication library is vulnerable. Users of the application are at risk if they can be lured into clicking on a crafted malicious link.
Patches
The vulnerability has been patched in 2.5.5 by ensuring proper sanitization and escaping of user input in the affected URL parameters.
Users are strongly encouraged to upgrade to the following versions:
Workarounds
If upgrading is not immediately possible, users can implement the following workarounds:
Employ a Web Application Firewall (WAF) to block malicious requests containing suspicious URL parameters.
Apply input validation and escaping directly within the application’s middleware or reverse proxy layer, specifically targeting the affected parameters.
References
OWASP Cross-Site Scripting (XSS) Cheat Sheet: https://owasp.org/www-community/attacks/xss/
References
https://github.com/DapperDuckling/keycloak-connector/security/advisories/GHSA-w5rq-g9r6-vrcg
https://nvd.nist.gov/vuln/detail/CVE-2024-53843
https://github.com/advisories/GHSA-w5rq-g9r6-vrcg
November 27th, 2024 (5 months ago)
|
|
|
Description: Summary
sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log
Impact
This bug impacts clients using any variation of KeylessVerifier.verify()
The verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but fails to ensure the log entry applies to the artifact in question, thereby "verifying" a bundle without any proof the signing event was logged.
This allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor's log monitors.
The signer's identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass.
sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.
Steps To Reproduce
Build the java sigstore-cli at v1.0.0
git clone --branch v1.0.0 [email protected]:sigstore/sigstore-java
cd sigstore-java
./gradlew :sigstore-cli:build
tar -xf sigstore-cli/build/distributions/sigstore-cli-1.0.0-SNAPSHOT.tar --strip-components 1
Create two random blobs
dd bs=1 count=50 </dev/urandom > blob1
dd bs=1 count=50 </dev/urandom > blob2
Sign each blob using the cli
./bin/sigstore-cli sign --bund...
November 27th, 2024 (5 months ago)
|
|
|
Description: Impact
Existing lakeFS users who have issued credentials to users who have been deleted.
Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion.
Patches
Has the problem been patched? What versions should users upgrade to?
Workarounds
A possible workaround will be not to reuse usernames that were previously deleted
References
Are there any links users can visit to find out more?
References
https://github.com/treeverse/lakeFS/security/advisories/GHSA-hh33-46q4-hwm2
https://nvd.nist.gov/vuln/detail/CVE-2024-43784
https://github.com/treeverse/lakeFS/releases/tag/v1.33.0
https://github.com/advisories/GHSA-hh33-46q4-hwm2
November 27th, 2024 (5 months ago)
|
|
|
Description: Impact
Patches
1.31.1, 1.30.6, 1.29.8
Workarounds
set enable_criu_support = false
References
Are there any links users can visit to find out more?
References
https://github.com/cri-o/cri-o/security/advisories/GHSA-7p9f-6x8j-gxxp
https://nvd.nist.gov/vuln/detail/CVE-2024-8676
https://github.com/cri-o/cri-o/commit/e8e7dcb7838d11b5157976bf3e31a5840bb77de7
https://access.redhat.com/security/cve/CVE-2024-8676
https://bugzilla.redhat.com/show_bug.cgi?id=2313842
https://github.com/advisories/GHSA-7p9f-6x8j-gxxp
November 27th, 2024 (5 months ago)
|