TestRail CLI FieldsParser eval Injection
This is not a very exciting vulnerability, but I had already publicly disclosed it on GitHub at the request of the vendor. Since that report has disappeared, the link I had provided to MITRE was invalid, so here it is again. -Devin --- Unsafe eval in TestRail CLI FieldsParser Date Reported:...
GHSA-H355-HM5H-CM8H Agnai File Disclosure Vulnerability: JSON via Path Traversal
CWE-35: Path Traversal (https://cwe.mitre.org/data/definitions/35.html)
CVSSv3.1 4.3 - Medium
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary: A vulnerability has been discovered in Agnai that permits attackers to read arbitrary JS...
CVE-2024-4350
Summary (Concrete CMS CVE-2024-4350): Concrete CMS versions 9.0.0–9.3.2 and below 8.5.18 are vulnerable to a Stored XSS in the RSS Displayer when user input is stored and later embedded into responses, due to insufficient input validation. Root cause: vulnerable code path in the RSS Displayer all...
CVE-2024-7394
CVE-2024-7394 affects Concrete CMS versions 9 up to 9.3.2 and below 8.5.18, with a Stored XSS in getAttributeSetName() exploited by a rogue administrator who can inject malicious code. The root cause is insufficient input handling in the getAttributeSetName function. The provided documents confir...
GHSA-56FM-HFP3-X3W3 Wallabag user can disable 2FA unintentionally
Impact: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily disable 2FA through /config/otp/app/disable and /config/otp/email/disable. This vulnerability has a CVSSv3.1 score of 4.3. You should upgrade your instance to version 2.6.7 or higher...
GHSA-P8GP-899C-JVQ9 Wallabag user can reset data unintentionally
Description: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily reset annotations, entries and tags via GET requests to /reset/annotations, /reset/entries, /reset/tags and /reset/archived. This vulnerability has a CVSSv3.1 score of 4.3. You...
GHSA-GJVC-55FW-V6VQ Wallabag user can delete own API client unintentionally
Description: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete an API key via /developer/client/delete/id. This vulnerability has a CVSSv3.1 score of 6.5. You should immediately patch your instance to version 2.6.3 or higher if you have...
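The three wallabag advisories above share one request shape: a state-changing endpoint reachable by a plain GET (or by a POST that checks no token), so any page the logged-in user visits can trigger it. The following is an added illustration in Python, not wallabag's own (PHP/Symfony) code; the endpoint paths are taken from the advisories, while SITE_ORIGIN, the `_token` form field and the session dict are assumptions made for the example. It replays the forged-GET scenario, two forged-POST variants and the legitimate same-origin flow against one authorization function.

```python
"""Rejecting the request shape behind the wallabag CSRF advisories (illustrative)."""
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://wallabag.example"  # assumed deployment origin
STATE_CHANGING = {                         # paths quoted in the advisories
    "/reset/annotations", "/reset/entries", "/reset/tags", "/reset/archived",
    "/config/otp/app/disable", "/config/otp/email/disable",
    "/developer/client/delete/id",
}


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Mint a per-session token; the server embeds it in the forms it renders."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """scheme://host[:port] from Origin, falling back to Referer; None if absent."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return None
    parts = urlsplit(value)
    return f"{parts.scheme}://{parts.netloc}"


def authorize_state_change(path: str, method: str, headers: Dict[str, str],
                           form: Dict[str, str], session: Dict[str, str]) -> Tuple[bool, str]:
    """Three independent gates; any one failing rejects the request."""
    if path not in STATE_CHANGING:
        return True, "not a state-changing endpoint"
    # Gate 1: a GET must never mutate state; an <img src> or a link can issue one.
    if method != "POST":
        return False, f"{method} to {path} refused: state change requires POST"
    # Gate 2: the browser-set Origin/Referer must name our own site.
    origin = request_origin(headers)
    if origin != SITE_ORIGIN:
        return False, f"origin {origin!r} is not {SITE_ORIGIN}"
    # Gate 3: synchronizer token bound to the session, compared in constant time.
    expected = session.get("csrf_token")
    supplied = form.get("_token")
    if not expected or not supplied or not hmac.compare_digest(expected, supplied):
        return False, "missing or mismatched CSRF token"
    return True, "ok"


def demo() -> Dict[str, bool]:
    """Constructed requests: the advisory scenario, two upgrades of it, and the legitimate flow."""
    session = {"user": "alice"}
    token = issue_csrf_token(session)
    own = {"Origin": SITE_ORIGIN}
    evil = {"Origin": "https://attacker.example", "Referer": "https://attacker.example/x"}
    return {
        # what the advisories describe: a plain GET forged from another site
        "forged_get": authorize_state_change("/reset/entries", "GET", evil, {}, session)[0],
        # attacker upgrades to an auto-submitting POST form but cannot read alice's token
        "forged_post_no_token": authorize_state_change(
            "/config/otp/app/disable", "POST", evil, {}, session)[0],
        # attacker submits a guessed token; the Origin is still foreign
        "forged_post_guessed_token": authorize_state_change(
            "/reset/tags", "POST", evil, {"_token": "guess"}, session)[0],
        # legitimate same-origin form submission carrying the session token
        "legit_post": authorize_state_change(
            "/reset/archived", "POST", own, {"_token": token}, session)[0],
        # a read-only path is unaffected by the gates
        "read_only": authorize_state_change("/", "GET", evil, {}, session)[0],
    }
```

The Origin check alone would have stopped the forged GET, but it is kept as a second layer: Referer can be stripped by privacy settings, and a framework-level token check is what turns "the user visited a page" into "the user submitted this form".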
CVSSv4 Public Preview Announcement
On June 8, 2023, at the 35th Annual FIRST Conference in Montreal, the public preview of CVSSv4 was announced. The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. Since its initial release in 2004, CVSS h...
Grafana -- Stored XSS in Graphite FunctionDescription tooltip
Grafana Labs reports: When a user adds a Graphite data source, they can then use the data source in a dashboard. This capability contains a feature to use Functions. Once a function is selected, a small tooltip appears when hovering over the name of the function. This tooltip allows you to delete...
CVE-2022-4261: Rapid7 Nexpose Update Validation Issue (FIXED)
On November 14, 2022, Rapid7's product engineering team discovered that the mechanism in Nexpose and InsightVM used to validate the source of an update file was unreliable. This failure, which involved the internal cryptographic validation of received updates, was designated as CVE-2022-4261, and...
Security Advisory 0072
Security Advisory 0072 (CSAF, PDF)
Date: February 2nd, 2022
Version: 1.0
Revision | Date | Changes
---|---|---
1.0 | February 2nd, 2022 | Initial Release
The CVE-ID tracking this issue: CVE-2021-28503
CVSSv3.1 Base Score: 7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
The internal bug tracking...
CVE-2021-22967
Concrete CMS (formerly concrete5) before 8.5.7 is affected by CVE-2021-22967, an improper access control that allows an unauthenticated user to access restricted files when they can add a message to a conversation (IDOR). The root cause is an insufficient permission check when attaching files to ...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference
YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES
Vulnerability: Stored Cross-Site Scripting
Affected Products and Versions: Yellowfin 9.6.1
CVEID: CVE-2021-36387
CVSSv3.1 Score: 5.4...
NSO Pegasus iPhone Spyware Vulnerabilities Fixed by Apple – Detect & Prioritize Using VMDR for Mobile Devices
Apple recently released iOS 12.5.5 and iOS/iPadOS 15.0, which include security updates addressing almost 25 vulnerabilities, among them several critical RCE and privilege escalation vulnerabilities. In 12.5.5, Apple fixed 3 critical zero-day vulnerabilities, which are used to deploy NSO Pegasus...
Security Advisory 0067
Security Advisory 0067 (CSAF, PDF)
Date: August 20th, 2021
Version: 1.0
Revision | Date | Changes
---|---|---
1.0 | August 20th, 2021 | Initial Release
The CVE-ID tracking this issue: CVE-2021-28493
CVSSv3.1 Base Score: 8.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Description: This advisory...
Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Impact: When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on disk is enabled. The CVSSv3.1 score of this vulnerability is calculated to be 6.2/10. Vulnerability Details: On unix-like systems, th...
Security Advisory 0055
Security Advisory 0055 (PDF)
Date: December 16th, 2020
Version: 1.0
Revision | Date | Changes
---|---|---
1.0 | December 16th, 2020 | Initial Release
The CVE-ID tracking this issue: CVE-2020-26568
CVSSv3.1 Base Score: 5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description: This advisory...
GHSA-G3WG-6MCF-8JJ6 Local Temp Directory Hijacking Vulnerability
Impact: On Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of that subdirectory first. If the...
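The Netty entry and this advisory describe the two classic failure modes of a shared /tmp: a temp file created with the process umask (typically 0644) that any local user can read, and a "create temp file, delete it, mkdir the same name" sequence whose window a co-located user can win. The following is an added Python simulation of both, alongside the safe primitives; it is not Netty's or the advised project's Java code. The "attacker" is a function called inside the race window to stand in for another user, and the PAYLOAD string and file names are constructed for the example. In a real attack the hijacker's uid also differs, which the ownership check at the end catches as well.

```python
"""Shared-/tmp hazards on Unix-like systems, simulated within one process (illustrative)."""
import os
import shutil
import stat
import tempfile

PAYLOAD = "uploaded multipart body"  # constructed sample upload content


def insecure_temp_file(tmp_root: str, name: str) -> str:
    """Predictable name, permissions left to the umask: with the common 0022 default
    the file is 0644, so any local user can read the upload while it sits on disk."""
    path = os.path.join(tmp_root, name)
    old = os.umask(0o022)  # pinned to the common default so the demo is deterministic
    try:
        with open(path, "w") as fh:
            fh.write(PAYLOAD)
    finally:
        os.umask(old)
    return path


def secure_temp_file(tmp_root: str) -> str:
    """mkstemp: random suffix, O_CREAT|O_EXCL, mode 0600 applied before any write."""
    fd, path = tempfile.mkstemp(prefix="upload-", dir=tmp_root)
    with os.fdopen(fd, "w") as fh:
        fh.write(PAYLOAD)
    return path


def world_readable(path: str) -> bool:
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def attacker_hijack(path: str) -> None:
    """Simulated co-located user who saw the name appear and won the race."""
    os.mkdir(path)
    os.chmod(path, 0o777)  # whatever the victim writes here is exposed to everyone


def insecure_temp_dir(tmp_root: str, attacker) -> str:
    """The racy pattern: reserve a name with a temp file, delete it, mkdir the same
    name, and ignore whether the mkdir actually succeeded."""
    fd, path = tempfile.mkstemp(prefix="work-", dir=tmp_root)
    os.close(fd)
    os.remove(path)          # window opens: the name was visible and is now free
    attacker(path)           # someone else creates it first
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass                 # swallowed: the victim proceeds into a directory it does not own
    return path


def secure_temp_dir(tmp_root: str) -> str:
    """mkdtemp creates the directory atomically with mode 0700 and fails on EEXIST."""
    return tempfile.mkdtemp(prefix="work-", dir=tmp_root)


def verify_private_dir(path: str) -> bool:
    """Check before use: a real directory (not a symlink), owned by us, with no
    group/other permission bits. lstat so a planted symlink is not followed."""
    st = os.lstat(path)
    return (
        stat.S_ISDIR(st.st_mode)
        and st.st_uid == os.getuid()
        and (st.st_mode & 0o077) == 0
    )


def demo() -> dict:
    """Run both hazards and both fixes under a throwaway root standing in for /tmp."""
    root = tempfile.mkdtemp(prefix="shared-tmp-sim-")
    try:
        return {
            "insecure_file_world_readable": world_readable(insecure_temp_file(root, "upload-1234.tmp")),
            "secure_file_world_readable": world_readable(secure_temp_file(root)),
            "insecure_dir_private": verify_private_dir(insecure_temp_dir(root, attacker_hijack)),
            "secure_dir_private": verify_private_dir(secure_temp_dir(root)),
        }
    finally:
        shutil.rmtree(root)
```

The fix in both cases is the same shape: let the kernel do the atomic create-with-mode (O_EXCL for files, mkdir with 0700 for directories) on an unpredictable name, and treat EEXIST as an error rather than as "already there, carry on". The ownership and mode check is the belt to that suspenders when the directory comes from configuration or an environment variable rather than from mkdtemp.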