#js

Red Hat Security Advisory 2024-0660-03 - Red Hat OpenShift Container Platform release 4.13.32 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-0642-03 - An update is now available for Red Hat OpenShift Container Platform 4.14. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-0641-03 - An update is now available for Red Hat OpenShift Container Platform 4.14. Issues addressed include denial of service and traversal vulnerabilities.

By Deeba Ahmed Chinese state-backed hackers targeted Dutch military networks by exploiting a vulnerability in a FortiGate device. This is a post from HackRead.com Read the original post: Chinese Hackers Infiltrate Dutch Defense Networks with Coathanger RAT

### Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. ### Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214 ### PoC A request of the following form will output the content of the `/etc/passwd` file: ``` curl -u admin:<admin-password> -X PUT http://localhost:9000/api/system/cluster_config/java.io.File \ -H "Content-Type: application/json" \ -H "X-Requested-By: poc" \ -d '"/etc/passwd"' ``` To perform the request, authorization is required. Only users posessing the `clusterconfigentry:create` and `clusterconfigentry:edit` permissions are allowed to ...

Red Hat Security Advisory 2024-0714-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a file overwrite vulnerability.

Red Hat Security Advisory 2024-0712-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Issues addressed include a file overwrite vulnerability.

Red Hat Security Advisory 2024-0711-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Issues addressed include a file overwrite vulnerability.

Red Hat Security Advisory 2024-0710-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Issues addressed include a file overwrite vulnerability.

Red Hat Security Advisory 2024-0705-03 - Red Hat AMQ Broker 7.11.6 is now available from the Red Hat Customer Portal. Issues addressed include a bypass vulnerability.