Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-2h84-3crq-vgfj: Apache Airflow Incorrect Authorization vulnerability

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected

ghsa
Open in Source
#vulnerability#apache#git#auth
GHSA-74mc-g2xv-pch2: Apache Pulsar Function Worker Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks contain credentials in the configuration, which could lead to leaked credentials. This vulnerability is mitigated by the fact that there is not a known way for an authenticated user to enumerate another tenant's sources or sinks, meaning the source or sink name would need to be guessed in order to exploit this vulnerability. The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.4. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1. 3.0 Pulsar Function Worker users are unaffected. Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrad...

GHSA-p7w2-784m-qpq9: Apache Ambari Expression Language Injection vulnerability

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

GHSA-xvw9-3mhm-xjqq: Apache Airflow information disclosure vulnerability

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.

GHSA-m384-pj54-5vr2: Apache Ambari Expression Language Injection vulnerability

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

GHSA-j927-w6g7-7c7w: Apache Jena Expression Language Injection vulnerability

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0.

GHSA-469h-mqg8-535r: Decidim Cross-site Scripting vulnerability in the external link redirections

### Impact The external link feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. ### Patches The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3) and [v0.26.6](https://github.com/decidim/decidim/releases/tag/v0.26.6)

GHSA-5652-92r9-3fx9: Decidim Cross-site Scripting vulnerability in the processes filter

### Impact The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. ### Patches The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3) and [v0.26.6](https://github.com/decidim/decidim/releases/tag/v0.26.6)

GHSA-jm79-9pm4-vrw9: Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a [comment](https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110). ### Summary Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). ### Impact This issue may lead to Sensitive Data Disclosure. ### Patches The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3). ### Workarounds Disable or unpublish all meetings components from your application.

GHSA-ph6g-p72v-pc3p: Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution

### Impact This vulnerability is related to the deserialization of untrusted data from the `_state` query parameter, which can result in remote code execution. ### Patches The issue has been addressed in version `14.5.0`. Users are advised to upgrade their software to this version or any subsequent versions that include the patch. ### Workarounds In this case, it is recommended for users to upgrade to the patched version rather than relying on workarounds. Upgrading to the fixed version ensures that the vulnerability is no longer present and provides the best protection against remote code execution ### References For more detailed information about this workaround and its effectiveness, users should consult the support channels provided by the software or system developer. They can provide specific guidance on implementing this workaround and any potential limitations or caveats associated with it. ---- This vulnerability was discovered by Vladislav Gladkiy (Positive Technolo...