CyberAlerts

CVE-2024-13352

Description: The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE

February 8th, 2025 (5 months ago)

CVE-2024-10383

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork

Description: An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE

February 8th, 2025 (5 months ago)

CVE-2024-1013

Unixodbc: out of bounds stack write due to pointer-to-integer types conversion

Description: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.

EPSS Score: 0.05%

Source: CVE

February 8th, 2025 (5 months ago)

CVE-2024-0607

Kernel: nf_tables: pointer math issue in nft_byteorder_eval()

Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.

EPSS Score: 0.04%

Source: CVE

February 8th, 2025 (5 months ago)

CVE-2024-0560

Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions

Description: A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.

EPSS Score: 0.11%

Source: CVE

February 8th, 2025 (5 months ago)

Daily Dose of Dark Web Informer - February 7th, 2025

Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Source: DarkWebInformer

February 8th, 2025 (5 months ago)

[github.com/drakkan/sftpgo/v2] SFTPGo has insufficient sanitization of user provided rsync command

Description: Impact SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided rsync command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. Patches This issue was fixed in version v2.6.5 by checking the client provided arguments. https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1 References https://github.com/drakkan/sftpgo/security/advisories/GHSA-vj7w-3m8c-6vpx https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1 https://github.com/advisories/GHSA-vj7w-3m8c-6vpx

Source: Github Advisory Database (Go)

February 7th, 2025 (5 months ago)

[github.com/drakkan/sftpgo] SFTPGo has insufficient sanitization of user provided rsync command

Description: Impact SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided rsync command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. Patches This issue was fixed in version v2.6.5 by checking the client provided arguments. https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1 References https://github.com/drakkan/sftpgo/security/advisories/GHSA-vj7w-3m8c-6vpx https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1 https://github.com/advisories/GHSA-vj7w-3m8c-6vpx

Source: Github Advisory Database (Go)

February 7th, 2025 (5 months ago)

[pimcore/admin-ui-classic-bundle] Pimcore Admin Classic Bundle allows user enumeration

Description: Description Summary Pimcore Admin Classic Bundle allows attackers to enumerate valid accounts because the Forgot password functionality uses different messages when the account is valid vs not. Details -> error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. since no generic error message is being implemented. PoC Enter first a valid account email address and click on submit A green message validating the account exists is shown and a login link is sent to the email now go back and use a random email from temp-mail to test with a non existant account click on submit and get an error in red that a problem occured Impact user enumeration is a confidentiality threat , that could potentially lead to an attacker to enumerate valid accounts and maybe taking over accounts in case combined with credential stuffing on an organisation . A remedition would be to change the error message in both cases ( valid and invalid emails ) to what we call a "synchronised error " it would be for example : " if the given email address is linked to an account , then a login link would be sent to that email " or something along those lines References https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24 https://github.com/pimcore/admin-ui-classic-bundle/pull/808 https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9 https://github.com/advisories/GHS...

Source: Github Advisory Database (Composer)

February 7th, 2025 (5 months ago)

[opensource-workshop/connect-cms] Connect-CMS Access control vulnerability

Description: Impact（影響） There is an Access control vulnerability on the management system of Connect-CMS. Affected Version : Connect-CMS v1.8.6, 2.4.6 and earlier Patches（修正バージョン） version v1.8.7, v2.4.7 Workarounds（運用回避手段） Upgrade Connect-CMS to latest version References https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg https://github.com/advisories/GHSA-5rjc-jc28-cwgg

Source: Github Advisory Database (Composer)

February 7th, 2025 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13352	Legull <= 1.2.2 - Reflected XSS Description: The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2024-10383	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork Description: An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE CVSS: HIGH (8.7) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2024-1013	Unixodbc: out of bounds stack write due to pointer-to-integer types conversion Description: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. EPSS Score: 0.05% Source: CVE February 8th, 2025 (5 months ago)
CVE-2024-0607	Kernel: nf_tables: pointer math issue in nft_byteorder_eval() Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality. EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2024-0560	Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions Description: A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid. EPSS Score: 0.11% Source: CVE February 8th, 2025 (5 months ago)
	Daily Dose of Dark Web Informer - February 7th, 2025 Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts. Source: DarkWebInformer February 8th, 2025 (5 months ago)
	[github.com/drakkan/sftpgo/v2] SFTPGo has insufficient sanitization of user provided rsync command Description: Impact SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided rsync command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. Patches This issue was fixed in version v2.6.5 by checking the client provided arguments. https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1 References https://github.com/drakkan/sftpgo/security/advisories/GHSA-vj7w-3m8c-6vpx https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1 https://github.com/advisories/GHSA-vj7w-3m8c-6vpx Source: Github Advisory Database (Go) February 7th, 2025 (5 months ago)
	[github.com/drakkan/sftpgo] SFTPGo has insufficient sanitization of user provided rsync command Description: Impact SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided rsync command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. Patches This issue was fixed in version v2.6.5 by checking the client provided arguments. https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1 References https://github.com/drakkan/sftpgo/security/advisories/GHSA-vj7w-3m8c-6vpx https://github.com/drakkan/sftpgo/commit/b347ab6051f6c501da205c09315fe99cd1fa3ba1 https://github.com/advisories/GHSA-vj7w-3m8c-6vpx Source: Github Advisory Database (Go) February 7th, 2025 (5 months ago)
	[pimcore/admin-ui-classic-bundle] Pimcore Admin Classic Bundle allows user enumeration Description: Description Summary Pimcore Admin Classic Bundle allows attackers to enumerate valid accounts because the Forgot password functionality uses different messages when the account is valid vs not. Details -> error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. since no generic error message is being implemented. PoC Enter first a valid account email address and click on submit A green message validating the account exists is shown and a login link is sent to the email now go back and use a random email from temp-mail to test with a non existant account click on submit and get an error in red that a problem occured Impact user enumeration is a confidentiality threat , that could potentially lead to an attacker to enumerate valid accounts and maybe taking over accounts in case combined with credential stuffing on an organisation . A remedition would be to change the error message in both cases ( valid and invalid emails ) to what we call a "synchronised error " it would be for example : " if the given email address is linked to an account , then a login link would be sent to that email " or something along those lines References https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24 https://github.com/pimcore/admin-ui-classic-bundle/pull/808 https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9 https://github.com/advisories/GHS... Source: Github Advisory Database (Composer) February 7th, 2025 (5 months ago)
	[opensource-workshop/connect-cms] Connect-CMS Access control vulnerability Description: Impact（影響） There is an Access control vulnerability on the management system of Connect-CMS. Affected Version : Connect-CMS v1.8.6, 2.4.6 and earlier Patches（修正バージョン） version v1.8.7, v2.4.7 Workarounds（運用回避手段） Upgrade Connect-CMS to latest version References https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg https://github.com/advisories/GHSA-5rjc-jc28-cwgg Source: Github Advisory Database (Composer) February 7th, 2025 (5 months ago)