ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[<thread-prev\] \[day\] \[month\] \[year\] \[list\]

Date: Thu, 13 Apr 2023 13:33:56 -0500
From: Mark Esler <mark.esler@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: ncurses fixes upstream

On 4/12/23 15:40, Jonathan Bar Or (JBO) wrote:

> Hello oss-security,
>
> Our team has worked with the maintainer of the ncurses library (used by several software packages in Linux) to fix several memory corruption vulnerabilities.
> They are now fixed at commit 20230408 - see details here (https://invisible-island.net/ncurses/NEWS.html#index-t20230408)
> A CVE was assigned (CVE-2023-29491) - it's still under a "reserved" status.
>
> How can we ensure those fixes get deployed upstream, in major Linux distributions?

(distros maintain "downstream" versions of the ncurses "upstream")

Ideally, a security patch should only include security relevant changes. 
If a bunch of a documentation or miscellaneous changes are added, it 
makes backporting difficult (i.e., the non-security relevant changes may 
not be desired or cause the patch to not apply cleanly to old versions 
of ncurses). The upstream patch is already made, but that's what I'd 
recommend for future patches. If there's a regression as Alice suggests, 
that might be a good opportunity to redo the patch format.

http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56

When you publish the CVE json5, you can references the patch URL and 
relevant bug discussions to help downstream. Including the CVE number in 
the patch commit is also quite helpful.

Thank you!

> We've reached out to Arch, RedHat, Canonical and other popular distros independently.
Which email did you contact Canonical with? I cannot find anything 
recent for ncurses on security@...ntu.com
>
> Thanks!
>                               JBO
>
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2023-29491: security - Re: ncurses fixes upstream

Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.

@@ -28,6 +28,7 @@ use Exception; use Froxlor\\Database\\Database; use Froxlor\\UI\\Form; use Froxlor\\Validate\\Validate; use PDO;  
/\*\* @@ -159,6 +160,9 @@ public static function import($json\_str = null) // re-format the array-key for Form::processForm foreach ($\_data as $key => $value) { $index\_split = explode('.', $key, 3); if (!isset($current\_settings\[$index\_split\[0\]\]\[$index\_split\[1\]\])) { continue; } if (isset($index\_split\[2\]) && $index\_split\[2\] === 'image\_data' && !empty($\_data\[$index\_split\[0\] . '.' . $index\_split\[1\]\])) { $image\_data\[$key\] = $value; } else { @@ -190,42 +194,27 @@ public static function import($json\_str = null) } }  
$img\_data = base64\_decode($value); $img\_filename = Froxlor::getInstallDir() . '/' . str\_replace('../', '', explode('?', $\_data\[$index\_split\[0\] . '.' . $index\_split\[1\]\], 2)\[0\]);  
file\_put\_contents($img\_filename, $img\_data);  
if (function\_exists('finfo\_open')) { $finfo = finfo\_open(FILEINFO\_MIME\_TYPE); $mimetype = finfo\_file($finfo, $img\_filename); finfo\_close($finfo); } else { $mimetype = mime\_content\_type($img\_filename); } if (empty($mimetype)) { $mimetype = 'application/octet-stream'; } if (!in\_array($mimetype, \['image/jpeg', 'image/jpg', 'image/png', 'image/gif'\])) { @unlink($img\_filename); throw new Exception("Uploaded file is not a valid image"); }  
$spl = explode('.', $img\_filename); $file\_extension = strtolower(array\_pop($spl)); unset($spl);  
if (!in\_array($file\_extension, \[ 'jpeg', 'jpg', 'png', 'gif' \])) { @unlink($img\_filename); throw new Exception("Invalid file-extension, use one of: jpeg, jpg, png, gif"); if (Validate::validateBase64Image($value)) { $img\_data = base64\_decode($value); $img\_filename = explode('?', $\_data\[$index\_split\[0\] . '.' . $index\_split\[1\]\], 2)\[0\];  
$spl = explode('.', $img\_filename); $file\_extension = strtolower(array\_pop($spl)); unset($spl);  
if (!in\_array($file\_extension, \[ 'jpeg', 'jpg', 'png', 'gif' \])) { throw new Exception("Invalid file-extension, use one of: jpeg, jpg, png, gif"); } $img\_filename = 'img/' . bin2hex(random\_bytes(16)) . '.' . $file\_extension; file\_put\_contents(Froxlor::getInstallDir() . '/' . $img\_filename, $img\_data); $img\_index = $index\_split\[0\].'.'.$index\_split\[1\]; Settings::Set($img\_index, $img\_filename . '?v=' . time()); }  
Settings::Set($index, $value); } } // all good

CVE-2023-2034: better validation for uploaded/imported image files · Froxlor/Froxlor@f36bc61

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.

CVE-2023-22950: Data Loading Vulnerability

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security update  
Advisory ID:       RHSA-2023:1765-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1765  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-8] Fast Datapath Release (BZ#2177685)

* [CT] Inner header of ICMP related traffic does not get DNATed  
(BZ#2178200)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177685 - [23.C RHEL-8] Fast Datapath Release  
2178200 - [CT] Inner header of ICMP related traffic does not get DNATed

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.17-2.17.0-88.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQiMWg//d9j3aPfYak2tV8EI9xSItFv6WpoLCB4y  
rC4956fWN4hzmKSYHnrw4uvhEVPf1hsue5zJIO0VHlT5MqmwDn6wDjP//V8GC4lE  
JUmTZHQMcWlt/dZQm2mh2I0n4oR0y/4gY3f4kKXUPM0Mg1S1MAEahmm4S9NWAGF7  
f2nVf1b1PACs3E4QfStldiawDDmwPCe8zsaaCCVL9sIR/KZI6yoZOJu8RjCWHac6  
0kw6LpIDjOwoJ/tc2JMoP/1JORzA+6S0Lrg+ZI8Kd0qwL/6KOcBpgCYXYD1eyp60  
18At7rFMonFlOW2JG8A0ewe6MZDXoyJsWjNZl2xPXsa1tHT/jnK29EbXr14X40kx  
/fpSdiRr1zSfChCPFVedxaBWY9L2UoAUGx6TnGXNuNC1UTM0pseMfUMy7TAC4ZV4  
o6qH7hC4a2W1tOxndAq8MWGeh49pq1n/EjwF+deKU73ke834pwDfQFRO03YB4jjM  
myicYpRKimbd6TzFhunIaKJcEYGX5Jna6nBd50a2b5mfHOS/FKah2fmROTK8bRv8  
202/9CCCGWSzE3IlUT9JcamNcdre0xZHmkYXpyLTuW0keXp+wlb19aVR42ZtRq6L  
U+TiznvhSU3XuH7KxJJS0AQdi+zyBWSR24ADbE70nQfu0nP6hupQBo6Eg2dnhdva  
w5iYSsJ1/AA=J+dO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch3.1 security update  
Advisory ID:       RHSA-2023:1770-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1770  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-9] Fast Datapath Release (BZ#2177688)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177688 - [23.C RHEL-9] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 9:

Source:  
openvswitch3.1-3.1.0-14.el9fdp.src.rpm

aarch64:  
openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.aarch64.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm

noarch:  
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm

ppc64le:  
openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.ppc64le.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm

s390x:  
openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.s390x.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm

x86_64:  
openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.x86_64.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaLtzjgjWX9erEAQgWtw//Q8Uf6a/o/eN5OJxyMupZANRTuKoPOXeu  
vUuwVU6oVNklao0FCs3BkMUfoGagZfHqJiVtaJBp48hpHWprZ6CJ6Prc18k/KIkY  
hhN/z42p1fLC+J4JzMuA3cODHVc0JkXuRT1wMfGYfKq4RLPaW6jADVSIGzTIZhc9  
YtppXWcpp5cEgvoF9/NtZspKggFUWuXj4BymJ7fzmxGpDkHkaMMdMX+9+qTevpyP  
Kj0G9YfdmmUGWAaZ3Fm5/vh8otoeTDOU83YgTl+kQrflPg/PJVuTAiJ3cjA+Sl1U  
yZDyUxNwgSwvJ4PJKMif6SrNsvv1PQpxK9UE9Q8JWVlXVwvPw5aHpj9bhk5Kmv3n  
t/x37zdKWPbldBeuQlNpXTNAZ1YFGd5PSzseR8fJXoyinhcT+ATC4mAyWhoq5+B5  
J7NLCxJDXfO8pzBbnv5whaDS3fztXbFpKQC5wC26x/az4Fci2+y2EX9TTxYTyA2P  
JZ0zp4wZpHHk78xoSPOMGuvURwl9NYGPQvLtztg6sOFx/XDwC3fws+SGTkeUJjfw  
xiAdisM4JAujDR0jiMRBe+WkElVF1uaT1KolLQPxu9kxcNuLJ/Qr62kBjsPfgkF0  
feZT3Uui2ZZhuX/F/z74OkKS+ke9dIeN75d6KpYiMfaJdYpRC2rmU6f1aQBfcVik  
dd1tBu49mHM=xop/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1747-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core:10.6 security update  
Advisory ID:       RHSA-2023:1747-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1747  
Issue date:        2023-04-12  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for the pki-core:10.6 module is now available for Red Hat  
Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDcxWNzjgjWX9erEAQi/AA/9GNdQctKqRnMI2c+jyjs/LF5USS5Qx3dk  
axfQaGBzI7jYtBReNbGlVnlQzS+/DjiChUfl2m2YU1pAhhO3B7/Nd5t6xC9mMkUN  
Itvzu46P1pPCt0pURc+BEpC6PxIHq6cFpEeS9L52FFWjUTYKH/IeIb3Po0XGtyZ1  
lHIOjqvAZTXSi+7IR07pXBKNy03vUNVdVcRDqNkls9FFfKDsx11/KgoIksWxkBtC  
oiuhLaMzlsmmL2VC60ZbrGKBstOIalL+X1p1JmG3W5aRFiIu90MeyHpX1cQwldlD  
mWzKZUG/e8KI7iFufQZ6nsHGrCvREWDncpbUcRxilRI1jBPqI5cJfol2CKmrAMT7  
UWhn4WMfBGmKr7heUxemxJowFtlRSbzz0I95qW5J3JA74JjsMDxkLwWnTlLf70yo  
F71oy0IJWSdQ776bkR9oy7ZlcLioNhFEtGR9/kDc2AKdP1bc+hNZV2s/2UYC0aSj  
4Nx3gJp8g1PcnwDMJwL3KvxA4DWZ4YhJ2lInSqGQ37WyIr/7OPknjWaVdzb1unvl  
fRjWygiwJ90zEOv2gkyVAa01GrScO/xi6ppR1am6lXVGdUcmZYYs3jeL0ajEEkvo  
g/3hqWgqcai9a8DkaubbwhwPDpia+s38CjRQML3AD+k+02IZcOr1pcNFygy/BLyR  
TppOjgbEuAk=PPtl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1747-01

Debian Linux Security Advisory 5385-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5385-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
April 12, 2023                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-1945 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536  
                 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550  
Debian Bug     : 982794

Multiple security issues have been found in the Mozilla Firefox  
web browser, which could potentially result in the execution  
of arbitrary code or spoofing.

For the stable distribution (bullseye), these problems have been fixed in  
version 102.10.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQ28JsACgkQEMKTtsN8  
TjbdRg/8DSoN4DTk+CAuIooGwX0fON/G7DgsrGR+dFwQEBd/PMf7Hy+A9EpjOO7E  
IeXK4XHNOV8qbAx3wQ3E9R6oZT//rvgXjYbiNY717OUkK1D7C5QJEinJsY57J2WX  
TW4Q27RuPVVft9sCsKkq47yQE+XT11Z7FuQ+L8xOSZ8+adfvhKhrlZGtzSd9Olux  
1XNmYgJGXu0IEzm5lqWzu+zvraY/yZbOFMStdu3t/tF+jIA2O6v25E2xczObOepv  
TbynApqS1YAH7qlbvjE31qZ3J0mTWhPLtdo6OBKucpc1KBRuSJYcC5sUoGZ5dFrl  
5+K3YfOlPjTww94mx1Own1WDyNw+g37lEGt5enQ/EkWSVKK4co/pzCvzmc7xxzr9  
64ukerv/C94KjSdmPPr6kr4qjUJThs/XlFTbhbPvRRL0Blk/fIJuG1dALXk2R2Ut  
4La0T9h0tGoEoLDGoI1A/cKl2cLnpGg0LeLxWhMysVcYSFcza/0EfYmGtDbRp5iv  
bB+vlpYjjWaNyx+ZtxDtbPtZ9ZmTOKPjrQ+bJFAEYqykIAlueC3bBwqpMz5SxPqg  
NDxWoGK13S//9Ug3c/GPcxNNiV1jNPxuG9Dy3Kq1/LHKrDtnYOfjXrg7nqelRSHS  
1NVzxuTD/0lV8tlo/806hoZToxINqi+c13/Nm5GnDiMzdg3u/hQ=RuqS  
-----END PGP SIGNATURE-----

Debian Security Advisory 5385-1

lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.

This is the message page of the front desk  

Find the back-end code through the front page. The ischeck is to judge whether the content of the message is displayed on the page. There are several key functions in the picture.  
Function call flow:  
index() calls checkDate()  
checkDate() calls the filter\_strs($\_POST) function to filter strings  
checkDate() calls the p() function again to prevent injection  
The p() function calls the filter\_sql() function to filter the reserved characters of mysql to prevent injection  
Then index() continues execution and calls the add() function  
The add() function calls the addModel() function in turn  
addModel() function and then addDB() function  
$sql in the addDB() function is an insert statement, where the value of $value comes from $data, and the value of $date is a parameter we can control.  
  
  
  
  
  
  

Add echo $sql to output complete sql statement, which is convenient for constructing payload.  

Packet analysis  

After inserting the page, the message will not be displayed, only when ischeck=1 will it be displayed in the foreground  
  

There are a lot of filtering functions in the previous code, but I found that these filtering functions only filter the 'value' in the array $data, but not the 'key', and the front page will echo only when ischeck=1 , so construct the payload and close the INSERT statement.  
payload: name=x&mail=x&tel=x&content=x&setbook=%E6%8F%90%E4%BA%A4&ischeck=1&time)VALUES(user(),1,1,1,1,1,1);#=1  
  

Protection Advice  
Filter the keys in the array as well

CVE-2023-29598: lmxcms v1.4.1 Front page sql injection · Issue #3 · jspring996/PHPcodecms

bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-29597: bloofox 0.5.2 sql injection · Issue #2 · jspring996/PHPcodecms

Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface (API) that isn't officially documented or supported. 
Contrary to popular belief, it's unfortunately all too common to have APIs in production that no one on

Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface (API) that isn't officially documented or supported.

Contrary to popular belief, it's unfortunately all too common to have APIs in production that no one on your operations or security teams knows about. Enterprises manage thousands of APIs, many of which are not routed through a proxy such as an API gateway or web application firewall. This means they aren't monitored, are rarely audited, and are most vulnerable.

Since they aren't visible to security teams, shadow APIs provide hackers with a defenseless path to exploit vulnerabilities. These APIs can potentially be manipulated by malicious actors to gain access to a range of sensitive information, from customer addresses to company financial records. Considering the potential for substantial data leakage and hefty compliance violations, preventing unauthorized access through shadow APIs has become mission-critical.

To help you get started, I'll explore how APIs become hidden and discuss how shadow APIs can be used for malicious purposes. You'll also learn the importance of monitoring API usage and traffic, as well as how to identify shadow APIs and mitigate risks with purpose-built security controls.

****How APIs become hidden****

A number of factors can contribute to the lack of API visibility, including poor API management, a lack of governance, and inadequate documentation. Without sufficient governance, organizations risk having an excessive number of APIs that aren't being utilized effectively.

A significant portion of shadow APIs are caused by employee attrition. Quite frankly, developers don't share all of the tribal knowledge when they depart to new opportunities. And with the developer job market as hot as it is, it's easy to see how this can happen. Especially when you consider how many projects they're working on. Even employees with the best of intentions will miss something while handing off.

There are also APIs that were passed on as a result of a merger or acquisition which are often forgotten about. Inventory loss can occur during system integration, which is a difficult and complicated operation, or it's possible that no inventory existed at all. Larger corporations that acquire multiple smaller businesses are particularly at risk since smaller companies are more likely to have inadequately documented APIs.

Another culprit are APIs with poor security or a known vulnerability is still in use. Sometimes an older version of software may have to run alongside a newer one for a while during upgrades. Then unfortunately, the person in charge of ultimately deactivating the API, either leaves, is given a new task, or forgets to delete the prior version.

"Do you know how many APIs you have? Better yet, do you know if your APIs are exposing sensitive data? If you're struggling with shadow APIs in your environment, you should download the **Definitive Guide to API Discovery** from Noname Security. Learn how to find and fix all your APIs - no matter the type."

  
****How hackers utilize shadow APIs****

Shadow APIs are a powerful tool for malicious actors, allowing them to bypass security measures and gain access to sensitive data or disrupt operations. Hackers can use shadow APIs to perform various attacks such as data exfiltration, account hijacking, and privilege escalation. They can also be used for reconnaissance purposes, gathering information about a target's critical systems and networks.

As if that wasn't dangerous enough, hackers can avert authentication and authorization controls via shadow APIs to access privileged accounts that could be used to launch more sophisticated attacks. All without the knowledge of the organization's security team. For example, API attacks have also started to surface in the automotive industry, putting drivers and their passengers at extreme risk.

By exploiting APIs, cybercriminals could retrieve sensitive customer data, such as their address, credit card info from sales quotes and VIN numbers—information with obvious implications for identity theft. These exploited API vulnerabilities could also expose vehicle location or enable hackers to compromise remote management systems. Meaning cybercriminals would have the ability to unlock vehicles, start engines or even disable starters altogether.

As organizations become increasingly reliant on cloud-based services, it is becoming increasingly important for them to uncover shadow APIs in order to protect their data and systems from malicious actors.

****How to identify and mitigate shadow API risks****

Identifying shadow APIs is an important part of API security. It involves discovering all the APIs that are running in your environment, understanding their purpose, and ensuring they are secure. This can be done through API discovery tools which scan for all the APIs running in an environment and provide detailed information about them.

By using these tools, organizations can identify any shadow APIs that may exist in their environment and take steps to secure them before they become a bigger security risk. This can include monitoring network traffic for suspicious activities, conducting regular vulnerability scans, and ensuring that all API requests are authenticated.

Once identified, organizations should put measures in place to mitigate the risks associated with these APIs such as implementing data encryption, restricting access privileges, and enforcing security policies. Additionally, organizations should also ensure that they have adequate logging systems in place so that any unauthorized access attempts can be quickly identified and addressed.

****Find and eliminate shadow APIs with Noname Security****

Now that you've made it to the end, let's sum things up so you truly understand the task ahead of you. The bottom line is, shadow APIs present a unique challenge for organizations just like yours. They provide hackers with a way of hiding their activities as they are often difficult to detect and trace. At the very least they are a threat to data security and privacy.

With that said, Noname Security can help you to accurately keep track of all your APIs, especially shadow APIs. They provide a single pane of glass that gives you complete insight into all data sources, whether on-premise and in the cloud.

Their API Security Platform can monitor load balancers, API gateways, and web application firewalls, enabling you to find and catalog every type of API, including HTTP, RESTful, GraphQL, SOAP, XML-RPC, JSON-RPC, and gRPC. Believe it or not, their customers typically find 40% more APIs in their environment than they had previously thought.

To learn more about API discovery and how Noname Security can help you get a grip on your shadow APIs, I encourage you to download their new **_Definitive Guide to API Discovery_**.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#js