PT-2023-12303 · Red Hat · Openshift Assisted Installer

Name of the Vulnerable Software and Affected Versions: OpenShift Assisted Installer affected versions not specified Description: A vulnerability was found in OpenShift Assisted Installer where image pull secrets were leaked as plaintext in the installation logs during the generation of the...

Design/Logic Flaw

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVE-2023-28431

CVE-2023-28431 describes a vulnerability in Frontier’s modexp precompile used by Substrate. The implementation treats even and odd moduli differently: odd moduli use Montgomery multiplication, while even moduli fall back to a slower plain power algorithm. This mismatch caused a gas-cost discrepan...

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

GHSA-6Q4M-7476-932W github-slug-action vulnerable to arbitrary code execution

Impact This action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. Note that...

github-slug-action vulnerable to arbitrary code execution

Impact This action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. Note that...

CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution

github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...

PT-2023-21224 · Github · Github-Slug-Action

Name of the Vulnerable Software and Affected Versions: github-slug-action versions 4.0.0 through 4.4.1 Description: The github-slug-action uses the github.head ref parameter in an insecure way, allowing any user on GitHub to trigger the vulnerability by creating a pull request with a branch name...

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

Metasploit Wrap-Up

Basic discover script improvements This week two improvements were made to the script/resource/basicdiscovery.rc resource script. The first update from community member samsepi0x0 allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 improved the...

CVE-2021-32848

Octobox is software for managing GitHub notifications. Prior to pull request PR 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...

PT-2023-12181 · Octobox · Octobox

Name of the Vulnerable Software and Affected Versions: Octobox versions prior to pull request 2807 Description: Octobox is software for managing GitHub notifications. A user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability...

SUSE CVE-2008-4297

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request...

SUSE CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

SUSE CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

SUSE CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

SUSE CVE-2021-21272

ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloade...

SUSE CVE-2021-46101

In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...

IDOR Vulnerability in Nextcloud Mail

None...