Threat and Vulnerability Intelligence Database

CVE-2025-24355

Description: Summary: Private Maven repository credentials are leaked in application logs when a retrieval operation fails.

Details: During execution of an updatecli pipeline that contains a maven source configured with basic-auth credentials, the credentials are written to the execution logs when the lookup fails. Credentials are sanitized correctly when the operation succeeds, but not when the request to the Maven repository fails for any reason, e.g. wrong coordinates, or a nonexistent artifact or version.

PoC: The documentation currently states that user credentials should be provided as basic auth inside the repository field, e.g.

    sources:
      default:
        kind: maven
        spec:
          repository: "{{ requiredEnv "MAVEN_USERNAME" }}:{{ requiredEnv "MAVEN_PASS" }}@repo.example.org/releases"
          groupid: "org.example.company"
          artifactid: "my-artifact"
          versionFilter:
            kind: regex
            pattern: "^23(\.[0-9]+){1,2}$"

Logs are sanitized properly when the operation succeeds:

    source: source#default
    -----------------------------------------------------------
    Searching for version matching pattern "^23(\\.[0-9]+){1,2}$"
    ✔ Latest version is 23.4.0 on the Maven repository at https://repo.example.org/releases/org/example/company/my-artifact/maven-metadata.xml

but the credentials leak when the GAV coordinates are wrong (misspelled or missing package name):

    source: source#default
    -----------------------------------------------------------
    ERROR:...

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: Github Advisory Database (Go)
January 24th, 2025 (5 months ago)
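The advisory's point is that sanitization applied on the success path was missing on the failure path. The following is an added example, not updatecli's code (updatecli itself is written in Go; the pattern is shown here in Python). It strips userinfo from a repository URL before the URL is embedded in any error, and adds a last-resort scrubber for known secret values so that error text assembled by third-party code cannot leak them either. The credential, the in-memory stand-in for the Maven repository, and all function names are constructed for the example.

```python
"""Keeping repository credentials out of logs on the failure path.

Added example, not updatecli code. Everything below is constructed: the
credential, the in-memory stand-in for a Maven repository, and the names.
"""
from urllib.parse import urlsplit, urlunsplit

REDACTED = "***"

# Constructed credential in the "user:password@host/path" form the updatecli
# docs show for the maven source's `repository` field.
REPO_WITH_CREDS = "ci-bot:s3cr3t@repo.example.org/releases"

# Constructed stand-in for the repository: metadata paths that exist -> latest version.
FAKE_REPO_INDEX = {"org/example/company/my-artifact/maven-metadata.xml": "23.4.0"}


def redact_url(raw: str) -> str:
    """Return `raw` with any userinfo (user:password@) removed.

    Accepts both scheme-less 'user:pass@host/path' and full URLs. If an '@' is
    present but cannot be located in the authority (malformed URL), fail closed
    and return a placeholder rather than risk echoing the secret.
    """
    had_scheme = "://" in raw
    parts = urlsplit(raw if had_scheme else "https://" + raw)
    if "@" not in parts.netloc:
        return raw if "@" not in raw else "<url with unparseable userinfo redacted>"
    # rsplit on the last '@': the password itself may contain '@'.
    host_port = parts.netloc.rsplit("@", 1)[1]
    out = urlunsplit(parts._replace(netloc=host_port))
    return out if had_scheme else out[len("https://"):]


def metadata_url(repository: str, group_id: str, artifact_id: str) -> str:
    """Build the maven-metadata.xml URL for GAV coordinates (still carries creds)."""
    base = repository if "://" in repository else "https://" + repository
    return f"{base.rstrip('/')}/{group_id.replace('.', '/')}/{artifact_id}/maven-metadata.xml"


def lookup_latest(repository: str, group_id: str, artifact_id: str) -> str:
    """Resolve the latest version; on failure raise LookupError whose message
    embeds only the redacted URL, so the error path is as clean as the success path."""
    key = f"{group_id.replace('.', '/')}/{artifact_id}/maven-metadata.xml"
    url = metadata_url(repository, group_id, artifact_id)
    try:
        return FAKE_REPO_INDEX[key]
    except KeyError:
        raise LookupError(f"no maven-metadata.xml at {redact_url(url)}") from None


class SecretScrubber:
    """Defence in depth: replace known secret values in any text bound for the
    logger. Catches error strings assembled by code we do not control (an HTTP
    client that echoes the full request URL, for instance)."""

    def __init__(self, *secrets: str) -> None:
        # Longest first, so a secret that is a prefix of another leaves no tail behind.
        self._secrets = sorted((s for s in secrets if s), key=len, reverse=True)

    def scrub(self, text: str) -> str:
        for secret in self._secrets:
            text = text.replace(secret, REDACTED)
        return text


def failure_message(repository, group_id, artifact_id, scrubber: SecretScrubber):
    """The line that would reach the log for a failed lookup; None if it succeeded."""
    try:
        lookup_latest(repository, group_id, artifact_id)
        return None
    except LookupError as exc:
        return scrubber.scrub(f"ERROR: {exc}")


if __name__ == "__main__":
    scrubber = SecretScrubber("s3cr3t")
    print(lookup_latest(REPO_WITH_CREDS, "org.example.company", "my-artifact"))
    print(failure_message(REPO_WITH_CREDS, "org.example.company", "my-artifakt", scrubber))
```

The two layers are deliberately independent: `redact_url` is the correct fix at the point where the URL is formatted into an error, and `SecretScrubber` is the safety net for any log line whose text the pipeline did not assemble itself.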

CVE-2025-24359

Description: Summary: If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library.

Details: The vulnerability is rooted in how asteval handles FormattedValue AST nodes. In particular, the on_formattedvalue method uses the dangerous format method of the str class, as shown in the vulnerable code snippet below:

    def on_formattedvalue(self, node):    # ('value', 'conversion', 'format_spec')
        "formatting used in f-strings"
        val = self.run(node.value)
        fstring_converters = {115: str, 114: repr, 97: ascii}
        if node.conversion in fstring_converters:
            val = fstring_converters[node.conversion](val)
        fmt = '{__fstring__}'
        if node.format_spec is not None:
            fmt = f'{{__fstring__:{self.run(node.format_spec)}}}'
        return fmt.format(__fstring__=val)

The code above lets an attacker manipulate the string used in the dangerous call fmt.format(__fstring__=val). This can be exploited to access protected attributes by intentionally triggering an AttributeError exception: the attacker catches the exception and uses its obj attribute to gain arbitrary access to sensitive or protected object properties.

PoC: The following proof-of-concept demonstrates how this vulnerability can be exploited to execute the whoami command on the host machine:

    from asteval import In...

CVSS: HIGH (8.4)

EPSS Score: 0.05%

Source: Github Advisory Database (PIP)
January 24th, 2025 (5 months ago)
Description: Impact: XSLT transforms performed by various components are vulnerable to XML external entity (XXE) injection. A processed XML file carrying a malicious DTD could produce XML containing data from the host system. This affects deployments where org.hl7.fhir.publisher is used within a host where external clients can submit XML. A previous release provided an incomplete fix, revealed by new testing.
Patches: This issue has been patched as of version 1.7.4.
Workarounds: None.
References: Previous Advisory for Incomplete solution; MITRE CWE; OWASP XML External Entity Prevention Cheat Sheet
https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-8c3x-hq82-gjcm
https://github.com/advisories/GHSA-8c3x-hq82-gjcm
Source: Github Advisory Database (Maven)
January 24th, 2025 (5 months ago)

CVE-2025-24362

Description: Impact summary: In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed to the workflow as environment variables. Users with read access to the repository would be able to download this artifact and read any secrets it contains. For some affected workflow runs, the exposed environment variables in the debug artifacts included a valid GITHUB_TOKEN for the workflow run, which has access to the repository in which the workflow ran and all the permissions specified in the workflow or job. The GITHUB_TOKEN is valid until the job completes or 24 hours have elapsed, whichever comes first.

Environment variables are exposed only from workflow runs that satisfy all of the following conditions:
- Code scanning workflow configured to scan the Java/Kotlin languages.
- Running in a repository containing Kotlin source code.
- Running with debug artifacts enabled.
- Using CodeQL Action versions <= 3.28.2, and CodeQL CLI versions >= 2.9.2 (May 2022) and <= 2.20.2.
- The workflow run fails before the CodeQL database is finalized within the github/codeql-action/analyze step.
- Running in any GitHub environment: GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server. (Note: artifacts are only accessible to users within the same GitHub environment with access to the scanned repo.)

The GITHUB_TOKEN exposed in this way would only ha...

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: Github Advisory Database (Actions)
January 24th, 2025 (5 months ago)
Description: Rey is Allegedly Selling VPN Access to U.S. City Government and Police
Source: DarkWebInformer
January 24th, 2025 (5 months ago)
Description: Oral Roberts University Mabee Center Has Been Claimed a Victim to RHYSIDA Ransomware
Source: DarkWebInformer
January 24th, 2025 (5 months ago)

CVE-2025-23006

Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-23006, SonicWall SMA1000 Appliances Deserialization Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

EPSS Score: 1.37%

Source: All CISA Advisories
January 24th, 2025 (5 months ago)
Description: This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss Nazis celebrating Elon Musk’s salute, Zuckerberg as a kook, dictating your own threat model and a good block/mute ethos.
Source: 404 Media
January 24th, 2025 (5 months ago)
Description: Offensive Linux Security Tools
Source: DarkWebInformer
January 24th, 2025 (5 months ago)