Dernières vulnérabilités du Vendredi 30 Juin 2023

Dernières vulnérabilités du Vendredi 30 Juin 2023
{{titre}}

Dernière mise à jour efféctuée le 30/06/2023 à 23:58:02

(3) Vulnérabilité(s) CRITICAL [9.0, 10.0]

Vulnérabilité ID : CVE-2023-2834

Première publication le : 30-06-2023 02:15:08
Dernière modification le : 30-06-2023 12:59:58

Description :
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

CVE ID : CVE-2023-2834
Source : security@wordfence.com
Score CVSS : 9.8

Références :
https://lana.codes/lanavdb/0dea1346-fd60-4338-8af6-6f89c29075d4/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/bookit/tags/2.3.6/includes/classes/CustomerController.php#L27 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/bookit/tags/2.3.6/includes/classes/database/Customers.php#L63 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2919529/bookit | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2925153/bookit | source : security@wordfence.com
https://www.wordfence.com/blog/2023/06/stylemixthemes-addresses-authentication-bypass-vulnerability-in-bookit-wordpress-plugin/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cfd32e46-a4fc-4c10-b546-9f9da75db791?source=cve | source : security@wordfence.com

Vulnérabilité : CWE-288


Vulnérabilité ID : CVE-2023-3249

Première publication le : 30-06-2023 02:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

CVE ID : CVE-2023-3249
Source : security@wordfence.com
Score CVSS : 9.8

Références :
https://plugins.trac.wordpress.org/browser/web3-authentication/tags/2.6.0/classes/common/Web3/controller/class-moweb3flowhandler.php#L198 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e30b62de-7280-4c29-b882-dfa83e65966b?source=cve | source : security@wordfence.com

Vulnérabilité : CWE-288


Vulnérabilité ID : CVE-2023-36477

Première publication le : 30-06-2023 19:15:09
Dernière modification le : 30-06-2023 19:15:09

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service and editing the javascript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki version older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details.

CVE ID : CVE-2023-36477
Source : security-advisories@github.com
Score CVSS : 9.0

Références :
https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-793w-g325-hrw2 | source : security-advisories@github.com
https://jira.xwiki.org/browse/CKEDITOR-508 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20590 | source : security-advisories@github.com

Vulnérabilité : CWE-79


(3) Vulnérabilité(s) HIGH [7.0, 8.9]

Vulnérabilité ID : CVE-2023-3063

Première publication le : 30-06-2023 02:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.

CVE ID : CVE-2023-3063
Source : security@wordfence.com
Score CVSS : 8.8

Références :
https://plugins.trac.wordpress.org/browser/sp-client-document-manager/trunk/classes/ajax.php#L149 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc2e720-85d9-42d9-94ef-eb172425993d?source=cve | source : security@wordfence.com

Vulnérabilité : CWE-639


Vulnérabilité ID : CVE-2023-2846

Première publication le : 30-06-2023 05:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.

CVE ID : CVE-2023-2846
Source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Score CVSS : 7.5

Références :
https://jvn.jp/vu/JVNVU94519952 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdf | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vulnérabilité : CWE-294


Vulnérabilité ID : CVE-2023-26135

Première publication le : 30-06-2023 05:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file.

CVE ID : CVE-2023-26135
Source : report@snyk.io
Score CVSS : 7.3

Références :
https://github.com/brycebaril/node-flatnest/blob/b7d97ec64a04632378db87fcf3577bd51ac3ee39/nest.js%23L43 | source : report@snyk.io
https://github.com/brycebaril/node-flatnest/issues/4 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-FLATNEST-3185149 | source : report@snyk.io


(10) Vulnérabilité(s) MEDIUM [4.0, 6.9]

Vulnérabilité ID : CVE-2023-35946

Première publication le : 30-06-2023 21:15:09
Dernière modification le : 30-06-2023 21:15:09

Description :
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.

CVE ID : CVE-2023-35946
Source : security-advisories@github.com
Score CVSS : 6.9

Références :
https://docs.gradle.org/current/userguide/dependency_verification.html | source : security-advisories@github.com
https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d | source : security-advisories@github.com
https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12 | source : security-advisories@github.com
https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v | source : security-advisories@github.com

Vulnérabilité : CWE-22


Vulnérabilité ID : CVE-2023-35947

Première publication le : 30-06-2023 21:15:09
Dernière modification le : 30-06-2023 21:15:09

Description :
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. ### Impact This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. * When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. * For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. ### Patches A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. It is recommended that users upgrade to a patched version. ### Workarounds There is no workaround. * If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. * If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. ### References * [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html) * [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html) * [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)

CVE ID : CVE-2023-35947
Source : security-advisories@github.com
Score CVSS : 6.9

Références :
https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 | source : security-advisories@github.com
https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91 | source : security-advisories@github.com
https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842 | source : security-advisories@github.com

Vulnérabilité : CWE-22


Vulnérabilité ID : CVE-2023-36807

Première publication le : 30-06-2023 19:15:09
Dernière modification le : 30-06-2023 19:15:09

Description :
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an an error throwing case. See GHSA-hm9v-vj3r-r55m for details.

CVE ID : CVE-2023-36807
Source : security-advisories@github.com
Score CVSS : 6.2

Références :
https://github.com/py-pdf/pypdf/issues/1329 | source : security-advisories@github.com
https://github.com/py-pdf/pypdf/pull/1331 | source : security-advisories@github.com
https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m | source : security-advisories@github.com

Vulnérabilité : CWE-835


Vulnérabilité ID : CVE-2023-36810

Première publication le : 30-06-2023 19:15:09
Dernière modification le : 30-06-2023 19:15:09

Description :
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-36810
Source : security-advisories@github.com
Score CVSS : 6.2

Références :
https://github.com/py-pdf/pypdf/issues/582 | source : security-advisories@github.com
https://github.com/py-pdf/pypdf/pull/808 | source : security-advisories@github.com
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw | source : security-advisories@github.com

Vulnérabilité : CWE-407


Vulnérabilité ID : CVE-2023-37360

Première publication le : 30-06-2023 18:15:10
Dernière modification le : 30-06-2023 18:15:10

Description :
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

CVE ID : CVE-2023-37360
Source : cve@mitre.org
Score CVSS : 5.9

Références :
https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-36539

Première publication le : 30-06-2023 03:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

CVE ID : CVE-2023-36539
Source : security@zoom.us
Score CVSS : 5.3

Références :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us


Vulnérabilité ID : CVE-2023-3469

Première publication le : 30-06-2023 01:15:08
Dernière modification le : 30-06-2023 12:59:58

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.

CVE ID : CVE-2023-3469
Source : security@huntr.dev
Score CVSS : 5.2

Références :
https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278 | source : security@huntr.dev
https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca | source : security@huntr.dev

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-3473

Première publication le : 30-06-2023 07:15:08
Dernière modification le : 30-06-2023 12:59:54

Description :
A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752.

CVE ID : CVE-2023-3473
Source : cna@vuldb.com
Score CVSS : 4.7

Références :
https://github.com/E1CHO/cve_hub/blob/main/Retro%20Cellphone%20Online%20Store%20-%20vlun%204.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.232752 | source : cna@vuldb.com
https://vuldb.com/?id.232752 | source : cna@vuldb.com

Vulnérabilité : CWE-89


Vulnérabilité ID : CVE-2023-3478

Première publication le : 30-06-2023 12:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3478
Source : cna@vuldb.com
Score CVSS : 4.7

Références :
https://github.com/ShuangbiaoDai/CVE/blob/main/ibos%20oa.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.232759 | source : cna@vuldb.com
https://vuldb.com/?id.232759 | source : cna@vuldb.com

Vulnérabilité : CWE-89


Vulnérabilité ID : CVE-2023-3479

Première publication le : 30-06-2023 10:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.

CVE ID : CVE-2023-3479
Source : security@huntr.dev
Score CVSS : 4.3

Références :
https://github.com/hestiacp/hestiacp/commit/2326aa525a7ba14513af783f29cb5e62a476e67a | source : security@huntr.dev
https://huntr.dev/bounties/6ac5cf87-6350-4645-8930-8f2876427723 | source : security@huntr.dev

Vulnérabilité : CWE-79


(5) Vulnérabilité(s) LOW [0.1, 3.9]

Vulnérabilité ID : CVE-2023-3474

Première publication le : 30-06-2023 07:15:08
Dernière modification le : 30-06-2023 12:59:54

Description :
A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability.

CVE ID : CVE-2023-3474
Source : cna@vuldb.com
Score CVSS : 3.5

Références :
https://vuldb.com/?ctiid.232753 | source : cna@vuldb.com
https://vuldb.com/?id.232753 | source : cna@vuldb.com

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-3475

Première publication le : 30-06-2023 07:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-3475
Source : cna@vuldb.com
Score CVSS : 3.5

Références :
https://vuldb.com/?ctiid.232754 | source : cna@vuldb.com
https://vuldb.com/?id.232754 | source : cna@vuldb.com

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-3476

Première publication le : 30-06-2023 07:15:09
Dernière modification le : 30-06-2023 12:59:54

Description :
A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.

CVE ID : CVE-2023-3476
Source : cna@vuldb.com
Score CVSS : 3.5

Références :
https://vuldb.com/?ctiid.232755 | source : cna@vuldb.com
https://vuldb.com/?id.232755 | source : cna@vuldb.com

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-3477

Première publication le : 30-06-2023 08:15:21
Dernière modification le : 30-06-2023 12:59:54

Description :
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.

CVE ID : CVE-2023-3477
Source : cna@vuldb.com
Score CVSS : 3.5

Références :
https://vuldb.com/?ctiid.232756 | source : cna@vuldb.com
https://vuldb.com/?id.232756 | source : cna@vuldb.com

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-3485

Première publication le : 30-06-2023 18:15:10
Dernière modification le : 30-06-2023 18:15:10

Description :
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.

CVE ID : CVE-2023-3485
Source : security@temporal.io
Score CVSS : 3.0

Références :
https://github.com/temporalio/temporal/releases/tag/v1.20.0 | source : security@temporal.io

Vulnérabilité : CWE-1188Vulnérabilité : CWE-863


Ce site web utilise l'API de la NVD, mais n'est pas approuvé ou certifié par la NVD.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.