Latest News

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user.

Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was released by Shanghai Fudan Microelectronics in 2020. "The FM11RF08S backdoor enables any

### Summary The `gix` and `ein` commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages. ### Details `gitoxide-core`, which provides most underlying functionality of the `gix` and `ein` commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. ANSI escape sequences are of particular concern because, when printed to a terminal, they can change colors, including to render subsequent text unreadable; reposition the cursor to write text in a different location, including where text has a...

### Summary Hono CSRF middleware can be bypassed using crafted Content-Type header. ### Details MIME types are case insensitive, but `isRequestedByFormElementRe` only matches lower-case. https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17 As a result, attacker can bypass csrf middleware using upper-case form-like MIME type, such as "Application/x-www-form-urlencoded". ### PoC ```html <html> <head> <title>CSRF Test</title> <script defer> document.addEventListener("DOMContentLoaded", () => { document.getElementById("btn").addEventListener("click", async () => { const res = await fetch("http://victim.example.com/test", { method: "POST", credentials: "include", headers: { "Content-Type": "Application/x-www-form-urlencoded", }, }); }); }); </script> </head> <body> <h1>CSRF Test</h1> <butto...

### Impact The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like `REXML::Document.new`, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. ### Patches The REXML gem 3.3.6 or later include the patch to fix the vulnerability. ### Workarounds Don't parse untrusted XMLs with tree parser API.

### Summary Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this: - `/api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/` - `/api/v3/crypto/certificatekeypairs/<uuid>/view_private_key/` - `/api/v3/.../used_by/` Note that all of the affected API endpoints require the knowledge of the ID of an object, which especially for certificates is not accessible to an unprivileged user. Additionally the IDs for most objects are UUIDv4, meaning they are not easily guessable/enumerable. ### Patches authentik 2024.4.4, 2024.6.4 and 2024.8.0 fix this issue. ### Workarounds Access to the API endpoints can be blocked at a Reverse-proxy/Load balancer level to prevent this issue from being exploited. ### For more information If you have any questions or comments about this advisory: - Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing [a] remote unauthenticated user to access internal functionality and modify data," the company

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control

Whenever you shop online and enter your payment details, you could be at risk of being a victim of fraud. Digital...

As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. "This vulnerability allows attackers to