Tag
#vulnerability
Artificial intelligence is transforming industries, but its adoption also raises ethical and cybersecurity concerns, especially in the regulated…
Was your Microsoft Entra ID account locked? Find out about the recent widespread lockouts caused by the new…
### Summary Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. For an attacker to bypass this control, they would first need the ability to run their malicious code (e.g., by a supply chain attack similar to tj-actions or exploiting a Pwn Request vulnerability)) on the runner. This vulnerability has been fixed in Harden-Runner version `v2.12.0`. ### Impact An attacker with the ability to run their malicious code on a runner configured with `disable-sudo: true` can escalate privileges to root using Docker, defeating the intended security control. ### Aff...
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through
## Summary [Amazon.IonDotnet (ion-dotnet)](https://github.com/amazon-ion/ion-dotnet) is a .NET library with an implementation of the [Ion data serialization format](https://amazon-ion.github.io/ion-docs/). An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition. ## Impact When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service. **Impacted versions: <=1.3.0** ## Patches This issue has been addressed in Amazon.IonDotnet version [1.3.1](https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.1). We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorp...
### Impact When using [Wireguard transparent encryption](https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg) in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. ### Patches This issue has been patched in https://github.com/cilium/cilium/pull/38592. This issue affects: - Cilium v1.15 between v1.15.0 and v1.15.15 inclusive - Cilium v1.16 between v1.16.0 and v1.16.8 inclusive - Cilium v1.17 between v1.17.0 and v1.17.2 inclusive This issue is fixed in: - Cilium v1.15.16 - Cilium v1.16.9 - Cilium v1.17.3 ### Workarounds There is no workaround to this issue. ### Acknowledgements The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @gandro and @pippolo84 for reporting this issue and to @julianwiedmann for the patch. ### For more information If you think you ...
## Impact There is a potential vulnerability in Traefik managing the requests using a `PathPrefix`, `Path` or `PathRegex` matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a `/../` in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. ## Example ```yaml apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: my-service spec: routes: - match: PathPrefix(‘/service’) kind: Rule services: - name: service-a port: 8080 middlewares: - name: my-middleware-a - match: PathPrefix(‘/service/sub-path’) kind: Rule services: - name: service-a port: 8080 ``` In such a case, the request `http://mydomain.example.com/service/sub-path/../other-path` will reach the backend `my-service-a` without operating the middleware `my-middleware-a` unless the computed path is `http://m...
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.