GHSA-X7FR-PG8F-93F5 sccache vulnerable to privilege escalation if server is run as root

Impact On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LDPRELOAD. If the server is run as root which is the default when installing the snap package, this means a user running the sccache...

GitHub Security Lab: [Python] Add Unicode Bypass Validation query tests and help

Vulnerability description not provided...

GitHub Security Lab: [Javascript]: Add new queries for Javascript Github Actions

Vulnerability description not provided...

Intel® QAT Driver Advisory

Summary: Potential security vulnerabilities in some Intel® QuickAssist Technology QAT drivers may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-218...

GitHub Security Lab: [python]: Add some dangerous sinks for paramiko ssh clients

Vulnerability description not provided...

GitHub Security Lab: CPP: Add query for CWE-369: Divide By Zero.

Vulnerability description not provided...

GitHub Security Lab: Go : Add more JWT sinks

Vulnerability description not provided...

GitHub Security Lab: [Python]: Timing attack

Vulnerability description not provided...

GitHub Security Lab: [Ruby]: Server Side Template Injection

Vulnerability description not provided...

GitHub Security Lab: [ruby]: ZipSlip/TarSlip vulnerability detection

Vulnerability description not provided...

GitHub Security Lab: [Python] Unsafe unpacking using shutil.unpack_archive() query and tests

Vulnerability description not provided...

CVE-2023-25559

DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service GMS will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieve...

CVE-2023-25557

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

CVE-2023-25558

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

CVE-2023-25562

DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the AuthUtils.hasValidSessionCookie method could be bypassed by using a cookie from a logged out...

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

Design/Logic Flaw

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

Authentication flaw

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVE-2023-25557 Server-Side Request Forgery in DataHub

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

CVE-2023-25557 Server-Side Request Forgery in DataHub

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...