Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-qpq9-jpv4-6gwr: Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.

ghsa
#vulnerability#web#git#auth
GHSA-3w4v-rvc4-2xpw: Keycloak has Files or Directories Accessible to External Parties

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.

GHSA-w88m-2936-rmxr: wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

GHSA-fqc7-5xxc-ph7r: Keycloak XSS via use of malicious payload as group name when creating new group from admin console

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.

GHSA-5c8p-qhch-qhx6: Deluge Web-UI vulnerable to XSS through a crafted torrent file

The Deluge Web-UI is vulnerable to cross-site scripting through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.

GHSA-76fg-mhrg-fmmg: XNIO `notifyReadClosed` method logging message to unexpected end

A flaw was found in XNIO, specifically in the `notifyReadClosed` method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. A fix for this issue is available on the `3.x` branch of the repository.

GHSA-rr2m-gffv-mgrj: Deserialization of Untrusted Data in Apache Hadoop YARN

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.

GHSA-34j6-m83c-52x2: Jfinal Cross-site Scripting vulnerability

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.

GHSA-7527-8855-9cf8: Incorrect header handling in mod-wsgi

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.

GHSA-cmxc-9ghj-jp87: Insufficient Session Expiration in snipe/snipe-it

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. The session is not invalidated after a password change.