Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.

**Package**

nuget Umbraco-CMS (NuGet)

**Affected versions**

\> 8.0.0

**Patched versions**

8.18.10, 10.8.1, 12.3.4+

**Description**

**Impact**

Users with low privileges ( Editor, etc) are able to access some unintended endpoints.

**Explanation of the vulnerability**

To be revealed at a later point in time.

CVE-2023-49273: Privilege Escalation using Spoofing

Umbraco is an ASP.NET content management system (CMS).  Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue.

**Package**

nuget Umbraco.CMS (NuGet)

**Affected versions**

\> 10.0.0

**Patched versions**

10.8.1, 12.3.4+

**Description**

**Impact**

Cross-site scripting (XSS) enable attackers to bring malicious content into a website or application.

**Explanation of the vulnerability**

To be revealed at a later point in time.

CVE-2023-48313: DOM-based stored cross-site scripting

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available.

**Package**

nuget Umbraco.CMS (NuGet)

**Affected versions**

\> 8.0.0

**Patched versions**

8.18.10, 10.8.0, 12.3.0

**Description**

**Impact**

Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios.

**Explanation of the vulnerability**

To be revealed at a later point in time.

CVE-2023-48227: Backoffice User can bypass "Publish" restriction

Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.

**■概要**弊社製品「プリザンター」においてSAML認証の脆弱性、クロスサイトスクリプティング、オープンリダイレクトの脆弱性及びテンポラリデータのアクセス制御不備の脆弱性が存在することが判明しました。この脆弱性を悪用された場合、悪意ある第三者の攻撃により、外部の不正なサイトへの誘導やプリザンターに登録しているデータの情報漏洩や改ざんの危険性があります。  
この問題の影響を受けるプリザンターのバージョンを以下に示しますので、対策方法に記載する対応を実施してください。**■該当バージョンの確認方法**影響を受けるバージョンは以下の通りです。

1\. SAML認証の脆弱性  
・1.3.46.1以前の全てのバージョンでSAML認証を使用している場合  
　※Community Edition、Enterprise Editionどちらも該当します。  
　※1.2版、1.1版、0.51版、0.50版、0.49版以前も該当します。

2\. クロスサイトスクリプティング、オープンリダイレクトの脆弱性及びテンポラリデータのアクセス制御不備の脆弱性  
・1.3.47.0以前の全てのバージョン  
　※Community Edition、EnterpriseEditionどちらも該当します。  
　※1.2版、1.1版、0.51版、0.50版、0.49版以前も該当します。  
・バージョンの確認方法は以下のユーザマニュアルを参照願います。  
　「FAQ：プリザンターのバージョンを確認したい」  
　　https://pleasanter.org/manual/faq-version

**■脆弱性の説明および脆弱性がもたらす脅威****SAML認証の脆弱性**Sustainsys.Saml2 ライブラリは、ASP.NET Webサイトに SAML2P サポートを追加し、Webサイトが SAML2 サービス プロバイダーとして機能できるようにします。脆弱性のあるバージョンでは、応答が処理されるときにアイデンティティプロバイダー(ID プロバイダー)の発行者が十分に検証されていません。

悪意のあるIDプロバイダが偽のSaml2応答を作成できることにより、悪意のあるユーザに正規ユーザのなりすましを許してしまう可能性があります。

詳細はライブラリのIssueを参照してください。  
・Sustainsys/Saml2#712  
・Sustainsys/Saml2#713

**クロスサイトスクリプティング**ログインした一般ユーザが、内容、説明項目、コメント等に画像を張り付ける際のリクエストを不正に改ざんすることで、外部サイトへの誘導やスクリプトの不正実行ができる脆弱性が存在します。プリザンターにログインできない匿名ユーザは本脆弱性を用いた攻撃はできません。

攻撃者が設置したスクリプトにより、悪意のある外部サイトへの誘導や、プリザンターの管理者が攻撃者がスクリプトを設置したページを開いた場合にプリザンターの管理操作を意図せず実行させられる可能性があります。

**オープンリダイレクトの脆弱性**不正なログインURLに一般ユーザがログインを行った際に任意のサイトに誘導されてしまう脆弱性が存在します。  
悪意のある第三者が用意したログインURLにログインすることにより、悪意のある外部サイトへ誘導される可能性があります。**テンポラリデータのアクセス制御不備の脆弱性**一般ユーザがアップロードした任意のファイル用テンポラリデータ向けにランダムに生成されるURLを、ログインしている別のユーザが知り得た場合にテンポラリデータが閲覧できてしまう脆弱性が存在します。  
ユーザーがアップロードしたファイルが、ログイン済みの攻撃者に漏洩する可能性があります。**■対策方法**1\. SAML認証の脆弱性  
　・バージョン1.3.X、1.2.X、1.1.X、0.51.X、0.50.X、0.49.X以前をご利用のお客様  
　　1.3.47.0 以降（2023年9月22日リリース）にバージョンアップをしてください。  
　　※バージョンアップをせずに対策するための個別パッチの提供はございません。

2\. クロスサイトスクリプティング、オープンリダイレクトの脆弱性及びテンポラリデータのアクセス制御不備の脆弱性  
　・バージョン1.3.X、1.2.X、1.1.X、0.51.X、0.50.X、0.49.X以前をご利用のお客様  
　　1.3.48.0 以降（2023年10月16日リリース）にバージョンアップをしてください。  
　　※バージョンアップをせずに対策するための個別パッチの提供はございません。

・専用環境ご利用のお客様  
　別途スケジュール調整の上速やかにバージョンアップいたします。（再起動が必要です）

**■連絡先**本件につきまして、ご不明な点がございましたら以下よりお問い合わせ下さい。  
お問い合わせフォーム https://pleasanter.org/contact/

CVE-2023-46688: プリザンターにおける複数の脆弱性について | Pleasanter

Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.

**Overview**

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary JavaScript objects.

**Description**

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network.

**Releases**

Releases before version 21.12.22.1 are affected. Please be careful to download any binary DLL from other web sites, especially we found NuGet packages not owned by us that contain vulnerable versions.

**Workarounds**

A workaround exists that replaces one of the core JavaScript files embedded in the library. Using a XML configuration allows to replace the default JavaScript code to be replaced with the version on GitHub.

<configuration\>
	<configSections\>
		<sectionGroup name\="ajaxNet"\>
			<section name\="ajaxSettings" type\="AjaxPro.AjaxSettingsSectionHandler,AjaxPro.2" requirePermission\="false" restartOnExternalChanges\="true"/>
		</sectionGroup\>
	</configSections\>
	<ajaxNet\>
		<ajaxSettings\>
			<coreScript\>~/ajaxpro-core-fixed.js</coreScript\>
		</ajaxSettings\>
	</ajaxNet\>
</configuration\>

Copy the file core.js from the main project folder to your web server root folder and rename that ajaxpro-core-fixed.js.

Clients need to refresh the web page to download the changed JavaScript code.

**References**

Commit fixing the issue: c89e39b

Note: the official Ajax.NET Professional (AjaxPro) NuGet package is available here: https://www.nuget.org/packages/AjaxNetProfessional/

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue on this GitHub repository

CVE-2023-49289: Remote Code Execution Security Vulnerability

The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.




**Background**

Tiff Server was one of Aquaforest’s first products, released in 2002.

It enabled users to view TIFF files within a web site or web-based application without requiring the use of special image viewer plugins or applets ( a requirement for the cutting edge Internet Explorer and Netscape Navigator browsers at that time).

It was designed to be used on an intranet, and was never intended to be exposed to the outside world. When TIFF Server was designed, the concept of zero-trust networking and the risk of network-internal threats had not yet entered the mainstream industry consciousness.

Over the years, additional features were added but the underlying model has remained.

**Security Advisory**

External partners have identified that organisations running an insufficiently configured instance of TIFF Server may allow an unauthenticated attacker to craft a request that abuses certain parameters available in TIFF Server’s exposed ASP.NET forms. This weakness can be mapped to the MITRE CWE framework as CWE-22.

Parameters in the *.aspx forms bundled in TIFF Server are designed to leverage the capabilities of IIS to allow it to source files from arbitrary provided locations in order to maximise customisation flexibility. At the time, the implications of these original design decisions were unclear but meant that carefully crafted requests to certain insufficiently configured servers may be able to:

*   Allow an unauthenticated user to view documents that should otherwise require authentication.
*   Detect directories that the user TIFF Server is running as has access to.
*   Count files within directories the user TIFF Server is running as has access to.
*   Detect if files exist in locations TIFF Server has access to.

This architectural design pattern that could allow this flaw is present in all versions of TIFF Server.

As this functionality is intended to allow customisation of features provided by TIFF Server and may be in use by customers still using TIFF Server, there is not a “one-size-fits-all” resolution that does not require customer-side configuration.

**Improving Security Configuration within TIFF Server**

The best way to mitigate the risk of an unauthenticated attacker accessing contents that should not be accessible is to use the Custom Auditing and Security option supplied in Section 13 of the Tiff Server Reference Guide to implement allowlisting for limiting incoming requests to only the directories intended for use with TIFF Server.

Though the Custom Auditing and Security option and its use is described in the reference guide, we had not previously provided examples of using it.

In order to provide guidance to our customers still using TIFF Server, we have provided an example below for implementing such a configuration. The following implementation uses a file containing a list of accepted file paths:

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Net;
    using System.Web;
    
    /// <summary>
    /// The following AquaforestTIFFServerAudit code is designed to check 
    /// the filepath is within the allowlisted URLs
    /// </summary>
    namespace AquaforestTIFFServerAudit
    {
        /// <summary>
        /// This code has a hard coded filepath for the AllowList
        /// </summary>
        public class TIFFServerAudit
        {
    
            /// <summary>
            /// This is a skeleton function, add features as required.
            /// </summary>
            /// <param name="fileName"></param>
            /// <param name="action"></param>
            /// <param name="AUTH_USER"></param>
            /// <returns></returns>
            public static bool securityCheck(string fileName, string action, string AUTH_USER)
            {
                // Add check that filepath is within the AllowList
                // Get the filepath from the filename
                string filePath = Path.GetDirectoryName(Path.GetFullPath(fileName).ToLowerInvariant());
    
                // If it is not in the allowlist end the response.
                if (!TiffServerAllowlist.InAllowList(filePath))
                {
                    return false;
                }
                else
                {
                    return true;
                }
                // Return False to disable access
            }
            public static void logAction(string action)
            {
                // Action is one of :
                // VIEW, PRINT, PDF, SAVEPDF, GETANNOTATIONS, SAVEANNOTATIONS, EDIT, SAVEEDIT
                try
                {
                    // Get the file path from one of these supplied sources depending upon the supplied Action
                    string fileName = HttpContext.Current.Request["FN"];
                    if (action == "EDIT" || action == "SAVEEDIT")
                    {
                        fileName = HttpContext.Current.Request["filename"];
                    }
                    else
                    if (action == "GETANNOTATIONS")
                    {
                        fileName = HttpContext.Current.Server.MapPath(HttpContext.Current.Request["an_url"]);
                    }
                    else
                    if (action == "SAVEANNOTATIONS")
                    {
                        fileName = HttpContext.Current.Request["anfile"];
                    }
    
                    // Audit operations
                    string status = "OK"; // Default
                    string auditFileName = (string)HttpContext.Current.Session["ts_audit_file"];
    
                    string PC = HttpContext.Current.Request["PC"];
                    string AUTH_USER = HttpContext.Current.Request.ServerVariables["AUTH_USER"];
                    string REMOTE_HOST = HttpContext.Current.Request.ServerVariables["REMOTE_HOST"];
    
                    if (auditFileName == null || auditFileName == "")
                    {
                        if (!securityCheck(fileName, action, AUTH_USER))
                        {
                            HttpContext.Current.Response.Write($"You do not have permission to {action} this file.{Environment.NewLine}{Path.GetExtension(fileName)}{Environment.NewLine}Please contact your system administrator.");
                            HttpContext.Current.Response.End();
                        }
                        return;
                    }
    
                    /* 
                     * Any Security Checks May Go Here and Terminate Response with 
                     * HttpContext.Current.Response.End() before or after writing log entry
                    */
    
                    if (!securityCheck(fileName,action,AUTH_USER))
                    {
                        if (action == "GETANNOTATIONS")
                        {
                            HttpContext.Current.Response.Write("<ts_annot></ts_annot>");
                            HttpContext.Current.Response.End();
                        }
                        if (PC == "Y")
                        {
                            HttpContext.Current.Response.Write("afPageCount=-5;afMessage='You do not have permission to access this file.  Please contact your system administrator.';");
                            HttpContext.Current.Response.End();
                        }
                        else
                        {
                            HttpContext.Current.Response.Clear();
                            HttpContext.Current.Response.End();
                        }
                    }
    
                  
                    if (action == "VIEW" && PC != "Y")
                    {
                        // Only log for the initial page count request, not for each page 
                        return;
                    }
        			
                    System.IO.StreamWriter auditFile = new System.IO.StreamWriter(auditFileName, true);
                    if (auditFile != null)
    				{
                        auditFile.WriteLine(DateTime.Now + "," + action+","+status+","+fileName+","+AUTH_USER+","+REMOTE_HOST+","+HttpContext.Current.Request.Url);
                        auditFile.WriteLine();
                        auditFile.Flush();
                        auditFile.Close();
    				}
    			}
                catch (WebException wex)
                {
    
                }
    			catch(Exception ex)
    			{
    
    			}
    		}
        }
    
        /// <summary>
        /// This static class checks if a filepath is included in the AllowList
        /// </summary>
        public static class TiffServerAllowlist
        {
            /// <summary>
            /// Static list of AllowListed locations
            /// </summary>
            private static List<string> _AllowList;
    
            /// <summary>
            /// Constructor that loads up the allowlist from the filepath
            /// </summary>
            static TiffServerAllowlist()
            {
                _AllowList = new List<string>();
    
                // This is hard coded to a specified location, it will need to be edited and pointed at a valid text file.
                // The file contains root paths that TifServer is allowed to access.
                string temp =Path.GetFullPath(@"C:\inetpub\wwwroot\tiffserver\AllowList.txt");
                if (File.Exists(temp))
                {
                    string contents = File.ReadAllText(temp);
                    foreach (string line in contents.Split('\n'))
                    {
                        _AllowList.Add(line.Replace("\r", ""));
                    }
                }
            }
            /// <summary>
            /// Returns whether the supplied filepath is within the AllowList
            /// </summary>
            /// <param name="filePath"></param>
            /// <returns></returns>
            public static bool InAllowList(string filePath)
            {
                bool result;
                if (_AllowList.Count == 0)
                {
                    result = true;
                }
                else
                {
                    result = false;
                    foreach(string rootPath in _AllowList)
                    {
                        if (filePath.Contains(rootPath))
                        {
                            result = true;
                            break;
                        }
                    }
                }
    
                return result;
            }
        }
    }
    

Example allowlist file:

    D:\data\project_1\tiffs
    D:\data\project_2\tiffs
    C:\inetpub\wwwroot\tiffserver\samples

As the full source of the Custom Auditing and Security class is available, it’s possible to edit it in other ways if the example given above is not compatible with the way you have implemented TIFF Server.

**The future…**

As described in the blog post TIFF Server Sunsetting (aquaforest.com), Tiff Server will be sunsetted by 31 May 2024. We will continue to provide product support for existing customers until that date, but no updates are planned prior to sunset.

We have provided the example above to help customers hold themselves over until the sunset date while planning their migration to other solutions. Customers are not advised to remain using TIFF Server after the sunset date because no further updates, support, or guidance will be offered at that time.

We would suggest that if you are a current user of TIFF Server and have not begun to plan a replacement, this would be a good opportunity to look at our PSPDFKit Web-Standalone solution that has superseded TIFF Server.

You can explore a demo of the PSPDFKit image viewer **here** and get started with a trial by following **this link**.

As a valued customer, we’d like to provide you with a custom offer tailored to your needs. If you are not sure what products best suit your usage needs, our sales team can help work with you to determine a solution for your needs moving forward. To discuss your requirements, please contact us via the **sales team**.

CVE-2023-6352: Tiff Server security update - Aquaforest

Red Hat Security Advisory 2023-7259-01 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7259.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 6.0 security, bug fix, and enhancement updateAdvisory ID:        RHSA-2023:7259-01Product:            .NET Core on Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7259Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-36049====================================================================Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25.The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.125). (BZ#2247677)Security Fix(es):* dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)* dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36049References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2247750https://bugzilla.redhat.com/show_bug.cgi?id=2248883

Red Hat Security Advisory 2023-7259-01

Red Hat Security Advisory 2023-7258-01 - An update for dotnet6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7258.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: dotnet6.0 security updateAdvisory ID:        RHSA-2023:7258-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7258Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-36049====================================================================Summary: An update for dotnet6.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25.Security Fix(es):* dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)* dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36049References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2247750https://bugzilla.redhat.com/show_bug.cgi?id=2248883

Red Hat Security Advisory 2023-7258-01

Red Hat Security Advisory 2023-7257-01 - An update for dotnet6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7257.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: dotnet6.0 security updateAdvisory ID:        RHSA-2023:7257-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7257Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-36049====================================================================Summary: An update for dotnet6.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25.Security Fix(es):* dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)* dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36049References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2247750https://bugzilla.redhat.com/show_bug.cgi?id=2248883

Red Hat Security Advisory 2023-7257-01

Red Hat Security Advisory 2023-7256-01 - An update for dotnet7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7256.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: dotnet7.0 security updateAdvisory ID:        RHSA-2023:7256-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7256Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-36049====================================================================Summary: An update for dotnet7.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14.Security Fix(es):* dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)* dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36049References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2247750https://bugzilla.redhat.com/show_bug.cgi?id=2248883

Tag

#asp.net