CVE-2024-31305 WordPress Transcoder plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder. This issue affects Transcoder: from n/a through 1.3.5...
PT-2024-23953 · Rtcamp · Rtcamp Transcoder
Name of the Vulnerable Software and Affected Versions: rtCamp Transcoder versions 1.3.5 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. Recommendations: For versions 1.3.5 and earlier, update to a version that contains a fix for this issue...
WordPress Plugin Transcoder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
Transcoder < 1.3.6 - Cross-Site Request Forgery
Description The Transcoder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on the disabletranscoding and enabletranscoding functions. This makes it possible for unauthenticated attackers...
WordPress Transcoder plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Transcoder versions <= 1.3.5...
WordPress Transcoder Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Transcoder. Type: Plugin. Vulnerable versions: <= 1.3.5. Fixed in: 1.3.6. OWASP Top 10: A4: Insecure Design. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2024-31305. Patch priority: Low. CVSS severity: Low 4.3. Developer: Claim ownership. PSID: 2fac90bed794. Credits: Majed Refaea. Required privileg...
Fully slashed transcoder can vote with 0 weight messing up the voting calculations
Lines of code Vulnerability details Impact If a transcoder gets slashed fully, he can still vote with 0 weight, which causes any delegator who later wants to change his vote to have their weight subtracted from other delegators/transcoders. Proof of Concept In BondingManager.sol any...
using increaseTotalStakeUncheckpointed() instead of increaseTotalStake() can lead to inconsistent transcoder state
Lines of code Vulnerability details Impact This allows a transcoder to increase their voting power without actually increasing their stake. Proof of Concept The relevant code that uses increaseTotalStakeUncheckpointed and skips transcoder state checkpointing is in the updateTranscoderWithRewards...
Increasing Stake records the delegated amount for delegator, but does not update the earningsPool stake for transcoder resulting in loss of rewards
Lines of code Vulnerability details Impact The increaseTotalStakeUncheckpointed function updates the delegated amount but may not update the staked amount for the transcoder. This will impact the rewards calculation for the transcoder and delegators. Proof of Concept When the TotalStake is...
[M-01] Transcoder can front-run slasher to avoid getting slashed and continue voting
Lines of code Vulnerability details Impact In BondingManager.slashTranscoder, the verifier can slash transcoder/delegator bonded amounts. However, this can easily be front-run via BondingManager.unbondWithHint by reducing the bonded amount to avoid slashing via underflow and keep the bonded position...
The logic in _handleVoteOverride to determine if an account is transcoder is not consistent with the logic in the BondManager.sol
Lines of code Vulnerability details Impact The logic in _handleVoteOverride to determine if an account is a transcoder has an issue. Proof of Concept In the current implementation, when voting, the function countVote is triggered; this function is overridden in the function...
Slashed transcoder can gain more voting power than it should if all of his bondedAmount would be slashed
Lines of code Vulnerability details Impact Slashed transcoders can still become active transcoders by bonding an amount again to increase the total stake, which can inflate the actual delegatedAmount, giving those transcoders more voting power than they should have. Proof of Concept Every time...
Total stake will be incorrectly reduced if the transcoder was already deactivated.
Lines of code Vulnerability details Impact This will result in the total active stake being incorrectly calculated in future rounds. Some transcoders may get more or less rewards than they should. Proof of Concept The key functions involved are: slashTranscoder - Called to slash a transcoder...
Calculating the previous pool's 'cumulativeRewardFactor' from the current pool incorrectly calculates the reward.
Lines of code Vulnerability details Impact When we update a transcoder with rewards and then try to update a transcoder with fees, it incorrectly calculates the reward generated in the current round for that transcoder, which also incorrectly calculates the previous pool's cumulativeRewardFactor...
the transcoder can continue to participate and earn rewards for a portion of the round it is supposed to be deactivated in
Lines of code Vulnerability details Impact A transcoder can potentially receive rewards/fees when it should not be active anymore. Proof of Concept resignTranscoder sets the deactivationRound to the next round (current round + 1). The isActiveTranscoder check just compares the current round against t...
A malicious delegator could artificially inflate the deductions for a transcoder, potentially leading to incorrect vote counting.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept In the handleVoteOverrides function, the deductions are added to the transcoder's voter state without any validation: A malicious delegator could call countVote multiple times, each tim...
The bond manager contract does not properly zero out the transcoder's cumulative rewards/fees between rounds.
Lines of code Vulnerability details Impact The transcoder's cumulative rewards and fees can continue accumulating from previous rounds instead of resetting each round. This means a transcoder could claim a portion of rewards/fees that it should not be entitled to. Proof of Concept This only resets the...
LastRewardRound is sometimes not checkpointed for Delegators
Lines of code Vulnerability details Impact lastRewardRound is not updated/checkpointed for delegators when transcoder changes state. This results in incorrect rewards and votes. It also violates this checkpointing condition specified by the technical specification: Quote: "In practical terms, it...
ai.tock:tock-shared (>=19.9.4 <=26.3.1), at.datenwort.openhtmltopdf:openhtmltopdf-latex-support (=1.1.3) +1441 more potentially affected by CVE-2022-44729 via org.apache.xmlgraphics:batik-transcoder (>=1.10 <=1.16)
org.apache.xmlgraphics:batik-transcoder MAVEN version =1.10, =19.9.4, =0.2.1, =0.5.0, =0.11.1, =0.0.2, =0.0.2, =1.3.5, =0.2.4, =1.1.0, =1.1.2 and more Source cves: CVE-2022-44729 Source advisory: OSV:GHSA-GQ5F-XV48-2365...
Debian: Security Advisory (DLA-515-1)
The remote host is missing an update for the Debian ... (SPDX-FileCopyrightText: 2023 Greenbone AG; some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders; SPDX-License-Identifier: GPL-2.0-only)...