#vulnerability

### Summary A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. ### Details This vulnerability stems from several `gh` commands used to clone a repository with submodules from a non-GitHub host including `gh repo clone`, `gh repo fork`, `gh pr checkout`. These GitHub CLI commands invoke `git` with instructions to retrieve authentication tokens using the [`credential.helper`](https://git-scm.com/docs/gitcredentials) configuration variable for any host encountered. Prior to `2.63.0`, hosts other than GitHub.com and ghe.com are treated as GitHub Enterprise Server hosts and have tokens sourced from the following environment variables before falling back to host-specific tokens stored within system-specific secured storage: - `GITHUB_ENTERPRISE_TOKEN` - `GH_ENTERPRISE_TOKEN` - `GITHUB_TOKEN` _when `CODESPACES` environment variable is set_ The...

### Summary A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. ### Details `go-gh` sources authentication tokens from different environment variables depending on the host involved: - `GITHUB_TOKEN`, `GH_TOKEN` for GitHub.com and ghe.com - `GITHUB_ENTERPRISE_TOKEN`, `GH_ENTERPRISE_TOKEN` for GitHub Enterprise Server Prior to `2.11.1`, `auth.TokenForHost` could source a token from the `GITHUB_TOKEN` environment variable for a host other than GitHub.com or ghe.com when [within a codespace](https://github.com/cli/go-gh/blob/71770357e0cb12867d3e3e288854c0aa09d440b7/pkg/auth/auth.go#L73-L77). In `2.11.1`, `auth.TokenForHost` will only source a token from the `GITHUB_TOKEN` environment variable for GitHub.com or ghe.com hosts. ### Impact Successful exploitation could send authentication token to an unintended host. ### Remediation and mitigation 1. Upgrade `go-gh` to `...

### Impact Timing attacks on Galois Field multiplications in this package. Successful exploitation would effectively allow a downgrade of the security guarantees of the XTS mode to the security guarantees of ECB mode, allowing block swapping, enabling identification of identical blocks, and rendering half of the XTS key obsolete. Timing attacks require specific conditions to be exploitable. ### Patches Patched in 2024.11.26 ### Workarounds Upgrade the package ### References https://en.wikipedia.org/wiki/Timing_attack

### Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repository(https://github.com/querydsl/querydsl) where it was assigned preliminary CVE identifier **CVE-2024-49203**. ### Details Vulnerable code may look as follows: ``` @GetMapping public List<Test> getProducts(@RequestParam("orderBy") String orderBy) { JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test); PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test"); OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.get(orderBy)); JPAQuery<Test> orderedQuery = query.orderBy(order); return orderedQuery.fetch(); } ``` Where vulnerability is either caused by ```pathBuilder.get(orderBy)``` or the ```orderBy(order)``` method itself, based on where the security checks are expected. ...

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name.

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensures that paths used by the File system objects list Parameter are restricted to an allow list, with the default base directory set to $JENKINS_HOME/userContent/. The allow list can be configured to include additional custom base directories.

A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.

Watch out for the Russian hackers from the infamous RomRom group, also known as Storm-0978, Tropical Scorpius, or UNC2596, and their use of a custom backdoor.

A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024,

About Authentication Bypass – PAN-OS (CVE-2024-0012) vulnerability. An unauthenticated attacker with network access to the Palo Alto device web management interface could gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated vulnerabilities. Firewalls of the PA, VM, CN series and the Panorama management platform are vulnerable. The vendor […]