#vulnerability

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. 🤷‍♂️🙂 🗞 Post on Habr (rus)🗒 Digest on the PT website (rus) A total of 11 trending vulnerabilities: 🔻 Elevation of Privilege – Windows Cloud Files […]

### Impact Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. If you are using one of these versions, stop immediately and rotate any private keys or secrets used with affected systems. Version 2.14.2 is also malicious, though it is less likely to lead to exploitation as it is not compatible with other 2.x versions. ### Patches Upgrade to version 4.2.5 or 2.14.3. ### Required Actions To secure funds, think carefully about whether any keys may have been compromised by this supply chain attack, and mitigate by sending funds to secure wallets, and/or rotating keys: The XRP Ledger supports key rotation: https://xrpl.org/docs/tutorials/how-tos/manage-account-settings/assign-a-regular-key-pair If any account's master key is potentially compromised, you should disable it: https://xrpl.org/docs/tutorials/how-tos/manage-account-settings/disable-master-key-pair ### References https://www.aikido.dev/blog/xrp-...

An SSL.com vulnerability allowed attackers to issue valid SSL certificates for major domains by exploiting a bug in…

### Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. The severity of the vulnerability is mitigated by the fact that the application UI and the JPA Web API are typically accessible only to authenticated users. ### Patches The problem has been fixed in CUBA JPA Web API add-on 1.1.1. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in CUBA Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application). ### References [Files Functionality Vulnerabilities :: Jmix Documentation](https://docs.jmix.io/jmix/files-vulnerabilities.html) Similar vulnerability in Jmix: [XSS in the /files Endpoint of the Generic REST API · Advisory · jmix...

### Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. ### Patches The problem has been fixed in CUBA REST API add-on 7.2.7. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in CUBA Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application). ### References [Files Functionality Vulnerabilities :: Jmix Documentation](https://docs.jmix.io/jmix/files-vulnerabilities.html) Similar vulnerability in Jmix: [XSS in the /files Endpoint of the Generic REST API · Advisory · jm...

### Impact The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. ### Patches The problem has been fixed in CUBA 7.2.23. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in CUBA Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application). ### References [Files Functionality Vulnerabilities :: Jmix Documentation](https://docs.jmix.io/jmix/files-vulnerabilities.html) Similar vulnerability in Jmix: [DoS in the Local File Storage · Advisory · jmix-framework/jmix](https://github.com/jmix-framework/jmix/security/advisories/GHSA-...

### Impact The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. Additionally, the /files endpoint in Jmix requires specific permissions and is disabled by default. ### Patches The problem has been fixed in Jmix 1.6.2+ and 2.4.0+. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in Jmix Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application).

### Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. Additionally, the /files endpoint in Jmix requires specific permissions and is disabled by default. ### Patches The problem has been fixed in Jmix 1.6.2+ and 2.4.0+. ### Workarounds A workaround for those who are unable to upgrade: [Disable Files Endpoint in Jmix Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application).

### Summary An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. ### Details DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. Using the server API, it quite easy to trigger. For example, using the `run_as` endpoint (implemented by `run_as_login` in `api/api/controllers/security_controller.py`): the `auth_context` argument is completely controlled by the attacker, and is forwarded to the master server to handle. By sending a malicious `run_as` request to a worker server, it is possible to execute code on...

### Impact Attackers could manipulate the `FileRef` parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the `FileRef` directly in the database or by supplying a harmful value in the `fileRef` parameter of the `/files` endpoint of the generic REST API. Arbitrary file reading on the operating system where the Jmix process is running. The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. Additionally, the `/files` endpoint in Jmix requires specific permissions and is disabled by default. ### Workarounds A workaround for those who are unable to upgrade: [Fix Path Traversal in Jmix Application](https://docs.jmix.io/jmix/files-vulnerabilities.html#fix-path-traversal-in-jmix-application). ### Credit Cai, Qi Qi of Siemens China Cybersecurity Testing...