CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Impact

A vulnerability was discovered in Argo CD that exposed secret values in error messages and in the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, intentionally or unintentionally, by committing an invalid Secret to the repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data.

Patches

A patch for this vulnerability is available in the following Argo CD versions: v2.13.4, v2.12.10, v2.11.13

Workarounds

There is no workaround other than upgrading.

References

Fixed with commits https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107 and https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca
https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v
https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j
https://github.com/advisories/GHSA-47g2-qmh2-749v
Source: Github Advisory Database (Go)
January 30th, 2025 (5 months ago)
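The Argo CD entry above names the trigger (an invalid Secret committed to the repository, then a Sync) and the only remedy (upgrading to a fixed release). The script below is an added example and is not code from the Argo CD project or from the advisory. It does two things a GitOps team can do around that upgrade: report whether a given Argo CD version is at or above the fixed releases the advisory lists, and lint Secret manifests in CI so a malformed Secret is rejected before it can reach a Sync. Everything beyond the advisory's text is an assumption: the advisory does not define "invalid", so the lint flags a data value that is not base64, a data or stringData entry that is not a map of strings, and a missing metadata.name; release lines older than 2.11 are treated as unpatched and lines newer than 2.13 as patched; manifests are read as JSON (which Kubernetes and Argo CD also accept) to avoid a third-party YAML dependency. The sample manifests are constructed for the example.

```python
"""
Added example (not code from the Argo CD project or the advisory).

is_patched()           - is an Argo CD version at or above the fixed releases
                         named in GHSA-47g2-qmh2-749v (v2.13.4, v2.12.10, v2.11.13)?
find_invalid_secrets() - pre-sync lint of Secret manifests, so a malformed
                         Secret is rejected in CI before it can reach a Sync.

Assumption: the advisory does not define "invalid". A Secret is flagged when a
`data` value is not valid base64, when `data`/`stringData` is not a map of
strings, or when metadata.name is missing. Manifests are parsed as JSON.
"""
import base64
import binascii
import json
import re
from typing import Any

# Fixed releases from the advisory, keyed by (major, minor) release line.
FIXED_VERSIONS = {(2, 13): (2, 13, 4), (2, 12): (2, 12, 10), (2, 11): (2, 11, 13)}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'v2.13.3', '2.13.3' or '2.13.3+abcdef' into (major, minor, patch)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Argo CD version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_patched(version: str) -> bool:
    """True if `version` carries the fix. Assumption: release lines the advisory
    does not list are unpatched if older than 2.11 and patched if newer than 2.13."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED_VERSIONS:
        return (major, minor, patch) >= FIXED_VERSIONS[line]
    return line > (2, 13)


def _is_base64(value: str) -> bool:
    """Strict base64 check; rejects stray characters and bad padding."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def find_invalid_secrets(manifests: list[dict[str, Any]]) -> list[str]:
    """Return one message per defect found in the Secret manifests.
    Values are never echoed: a malformed value may be a plaintext secret, and
    printing it would repeat the disclosure the advisory describes."""
    problems: list[str] = []
    for doc in manifests:
        if doc.get("kind") != "Secret":
            continue
        name = (doc.get("metadata") or {}).get("name")
        label = f"Secret/{name or '<unnamed>'}"
        if not name:
            problems.append(f"{label}: metadata.name is missing")
        for field in ("data", "stringData"):
            section = doc.get(field)
            if section is None:
                continue
            if not isinstance(section, dict):
                problems.append(f"{label}: {field} must be a map")
                continue
            for key, value in section.items():
                if not isinstance(value, str):
                    problems.append(f"{label}: {field}.{key} must be a string")
                elif field == "data" and not _is_base64(value):
                    problems.append(f"{label}: data.{key} is not valid base64")
    return problems


# Constructed sample manifests (not from any real repository).
SAMPLE_MANIFESTS: list[dict[str, Any]] = json.loads("""[
  {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": "db-creds"},
   "data": {"password": "aHVudGVyMg=="}},
  {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": "api-token"},
   "data": {"token": "this is not base64!"}},
  {"apiVersion": "v1", "kind": "Secret", "metadata": {},
   "stringData": {"key": 12345}},
  {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "app-config"},
   "data": {"LOG_LEVEL": "debug"}}
]""")


if __name__ == "__main__":
    for v in ("v2.13.3", "v2.13.4", "v2.12.10", "v2.11.12", "v2.10.9", "v2.14.0"):
        print(f"{v:8} patched={is_patched(v)}")
    for problem in find_invalid_secrets(SAMPLE_MANIFESTS):
        print("REJECT:", problem)
```

Run the lint as a pre-commit hook or CI job over the rendered manifests that Argo CD will sync. Note the limit of the check: base64 validity only catches malformed data, not a plaintext password that happens to be valid base64, so the lint narrows the window for an accidental trigger but does not replace the upgrade.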
Description: Impact

We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so we strongly recommend upgrading affected modules. This notice applies to all OpenMRS instances. The testers used the OpenMRS v3 Reference Application (O3 RefApp); however, their findings highlighted modules commonly used in older OpenMRS applications, including the O2 RefApp.

Vulnerability Details

The issues uncovered included broken access control (e.g. inappropriate admin access), phishing vulnerability, and stored XSS (e.g. vulnerable passwords). No vulnerabilities were found in the O3 frontend esm modules. The Letter of Attestation from the penetration test is available here for your reference. After the fixes were applied, the OpenMRS O3 RefApp met a Security Level of “Excellent, Grade A”. The full detailed Remediation Pentest Report is available to Implementation Technical Leads upon request.

Patches

Minimum Requirements for Implementers: We strongly recommend upgrading your modules to the following versions (or greater) as soon as possible. This is the minimum amount to do and be protected from the vulnerabilities found and fixed. The following versions contain the patch: Platform 2.6.11+

How: Increase your platform version number wherever this is specified in your implementation. If you use the OpenMRS SDK, this will be in the distro.prope...
Source: Github Advisory Database (Maven)
January 30th, 2025 (5 months ago)

CVE-2024-55416

Description: DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user into clicking a link, arbitrary JavaScript can be executed in that user's session.

References
https://nvd.nist.gov/vuln/detail/CVE-2024-55416
https://github.com/thedevdojo/voyager/blob/1.6/resources/views/master.blade.php#L132
https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L44
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities
https://github.com/advisories/GHSA-mm49-4f2g-c3wf

EPSS Score: 0.07%

Source: Github Advisory Database (Composer)
January 30th, 2025 (5 months ago)

CVE-2024-55415

Description: DevDojo Voyager through version 1.8.0 is vulnerable to path traversal at /admin/compass.

References
https://nvd.nist.gov/vuln/detail/CVE-2024-55415
https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L213
https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L44
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities
https://github.com/advisories/GHSA-j63m-2vr6-fv7m

EPSS Score: 0.07%

Source: Github Advisory Database (Composer)
January 30th, 2025 (5 months ago)
Description: The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments. [...]
Source: BleepingComputer
January 30th, 2025 (5 months ago)