941 matches found
rConfig <= 3.9.6 Shell Upload Exploit
This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. This module requires Metasploit: https://metasploit.com/download Current source:...
Google Releases New Framework to Prevent Software Supply Chain Attacks
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" (SLSA), and...
GitLab: Stored XSS in Mermaid when viewing Markdown files
Summary GitLab's Mermaid configuration allows an attacker to inject HTML in the rendered Markdown. This can be combined with a CSP bypass using pipeline artifacts to achieve RCE. Steps to reproduce 1. Create a repository on GitLab.com 2. Add the following to .gitlab-ci.yml yaml --- job: script: -...
Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of their operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known ...
CVE-2021-21650
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled...
PT-2021-14693 · Jenkins · Jenkins S3 Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins S3 publisher Plugin versions 0.11.6 and earlier Description: The issue allows attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled, due to a lack...
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code...
Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
Summary Updated April 15, 2021: The U.S. Government attributes this activity to the Russian Foreign Intelligence Service (SVR). Additional information may be found in a statement from the White House. For more information on SolarWinds-related activity, go to...
CVE-2021-28820
The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker...
MDR Vendor Must-Haves, Part 1: Deep Observation of Real-Time Endpoint Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Assessing Managed Detection and Response (MDR) vendors is no easy task. However, evaluating each based on...
Information disclosure
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Gener...
CVE-2021-21360
CVE-2021-21360 affects the Products.GenericSetup mini-framework used with Zope. Affected versions are before 2.1.1 and allow anonymous visitors to view log and snapshot files generated by the Generic Setup Tool (information disclosure). The issue has been fixed in version 2.1.1. Remediation steps ...
Race Condition
jenkins is vulnerable to a Race Condition. This vulnerability exists due to a lack of validation of time-of-check to time-of-use, which allows an attacker to read arbitrary files using the file browser for workspaces and archived artifacts...
jenkins: Arbitrary file read vulnerability in workspace browsers
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
jenkins: Filesystem traversal by privileged users
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition...
OPENSUSE-SU-2021:0312-1 Security update for mumble
This update for mumble fixes the following issues: mumble was updated to 1.3.4: Fix use of outdated non-existent notification icon names; Fix Security vulnerability caused by allowing non http/https URL schemes in public server list (boo1182123); Server: Fix Exit status for actions like --version or...
Security update for mumble (moderate)
openSUSE Security Update: Security update for mumble Announcement ID: openSUSE-SU-2021:0312-1 Rating: moderate References: 1180068 1182123 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for mumble fixes the...