Latest vulnerabilities of Friday, November 24, 2023


Last update performed on 11/24/2023 at 11:57:05 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : github.com

Vulnerability ID : CVE-2023-48312

First published on : 24-11-2023 18:15:07
Last modified on : 24-11-2023 18:15:07

Description :
capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability based on a missing check of whether the user is authenticated according to the `TokenReview` result. All clusters running with the `anonymous-auth` Kubernetes API Server setting disabled (set to `false`) are affected, since it would be possible to bypass the token review mechanism when interacting with the upstream Kubernetes API Server. This privilege escalation cannot be exploited if you are relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.

CVE ID : CVE-2023-48312
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/projectcapsule/capsule-proxy/commit/472404f7006a4152e4eec76dee07324dd1e6e823 | source : security-advisories@github.com
https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp | source : security-advisories@github.com

Vulnerability : CWE-287
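
The advisory above names the mistake (the `TokenReview` result was used without checking whether it says the caller is authenticated) but this page does not show the affected code path. The following is an added example, not capsule-proxy's own code, of how a reverse proxy should turn a Kubernetes TokenReview response into a caller identity. Field names follow the `authentication.k8s.io/v1` TokenReview API; the three responses at the bottom are constructed for this example.

```javascript
// Added example, not capsule-proxy's own code: turning a Kubernetes TokenReview
// response into a caller identity. Field names follow the authentication.k8s.io/v1
// TokenReview API; the three responses at the bottom are constructed for this example.

// The class of mistake the advisory names: whatever `status.user` says is taken as
// a verified identity, and `status.authenticated` is never consulted.
function identityFromTokenReviewUnsafe(review) {
  const user = (review && review.status && review.status.user) || {};
  if (!user.username) return null;
  return { username: user.username, groups: user.groups || [] };
}

// Hardened: only `status.authenticated === true` means the API server verified the
// bearer token. A non-empty `status.error` or a missing username also means "not
// authenticated", and the proxy must then reject the request instead of falling
// back to some other identity.
function identityFromTokenReview(review) {
  const status = review && review.status;
  if (!status || status.authenticated !== true) return null;
  if (typeof status.error === "string" && status.error.length > 0) return null;
  const user = status.user || {};
  if (typeof user.username !== "string" || user.username.length === 0) return null;
  return { username: user.username, groups: Array.isArray(user.groups) ? user.groups : [] };
}

// Constructed responses in the shape kube-apiserver returns for
// POST /apis/authentication.k8s.io/v1/tokenreviews.
const reviewForValidToken = {
  apiVersion: "authentication.k8s.io/v1",
  kind: "TokenReview",
  status: {
    authenticated: true,
    user: { username: "alice", uid: "u-1", groups: ["system:authenticated", "tenant-a"] },
  },
};
const reviewForInvalidToken = {
  apiVersion: "authentication.k8s.io/v1",
  kind: "TokenReview",
  status: { authenticated: false, error: "token is invalid or expired" },
};
// A response carrying a username without the authenticated flag: the unsafe
// reader trusts it, the hardened one does not.
const reviewWithUnverifiedUser = {
  apiVersion: "authentication.k8s.io/v1",
  kind: "TokenReview",
  status: { authenticated: false, user: { username: "system:admin" } },
};

// Summarises which responses each reader accepts.
function compareReaders() {
  return {
    unsafeAcceptsUnverified: identityFromTokenReviewUnsafe(reviewWithUnverifiedUser) !== null,
    hardenedAcceptsUnverified: identityFromTokenReview(reviewWithUnverifiedUser) !== null,
    hardenedAcceptsValid: identityFromTokenReview(reviewForValidToken) !== null,
    hardenedAcceptsInvalid: identityFromTokenReview(reviewForInvalidToken) !== null,
  };
}
```

The rule worth remembering is that a TokenReview object is returned for every request, valid token or not; the presence of a `user` block is not the signal, the `authenticated` flag is. A proxy that cannot establish an identity must fail closed rather than forward the request with whatever credentials it holds itself.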


(4) HIGH VULNERABILITIES [7.0, 8.9]

Source : emc.com

Vulnerability ID : CVE-2023-44303

First published on : 24-11-2023 03:15:07
Last modified on : 24-11-2023 15:24:57

Description :
RVTools, version 3.9.2 and above, contains a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and the main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a user's system could potentially exploit this vulnerability, leading to the disclosure of the encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688.

CVE ID : CVE-2023-44303
Source : security_alert@emc.com
CVSS Score : 7.5

References :
https://www.dell.com/support/kbdoc/en-us/000219712/dsa-2023-426-security-update-for-rvtools-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-310


Source : redhat.com

Vulnerability ID : CVE-2023-6277

First published on : 24-11-2023 19:15:07
Last modified on : 24-11-2023 19:15:07

Description :
An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via crafted input smaller than 379 KB.

CVE ID : CVE-2023-6277
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/security/cve/CVE-2023-6277 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2251311 | source : secalert@redhat.com
https://gitlab.com/libtiff/libtiff/-/issues/614 | source : secalert@redhat.com
https://gitlab.com/libtiff/libtiff/-/merge_requests/545 | source : secalert@redhat.com

Vulnerability : CWE-400


Source : huntr.dev

Vulnerability ID : CVE-2023-6293

First published on : 24-11-2023 20:15:07
Last modified on : 24-11-2023 20:15:07

Description :
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.

CVE ID : CVE-2023-6293
Source : security@huntr.dev
CVSS Score : 7.5

References :
https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78 | source : security@huntr.dev
https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2 | source : security@huntr.dev

Vulnerability : CWE-1321
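
This page gives no detail on the affected code path in sequelize-typescript, so the following is a generic illustration of the CWE-1321 class rather than that project's code: a recursive object merge, the usual sink for prototype pollution, beside a hardened version. The payload is constructed; it is what `JSON.parse` yields for attacker-controlled input.

```javascript
// Added example, not sequelize-typescript's own code: a generic illustration of
// prototype pollution (CWE-1321) through a recursive object merge. The payload in
// pollutionDemo() is constructed.

// Vulnerable: keys are copied by name. For the key "__proto__", `target[key]`
// resolves to Object.prototype, so the recursion writes into the shared prototype
// and every object in the process acquires the attacker's properties.
function deepMergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== "object") target[key] = {};
      deepMergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the keys that reach the prototype chain, and only recurse into
// an own property of the target so an inherited object is never the write target.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function deepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== "object") target[key] = {};
      deepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs the same payload through both merges and reports whether unrelated objects
// were affected. The prototype is cleaned up afterwards so the process is left as found.
function pollutionDemo() {
  const payload = '{"__proto__": {"isAdmin": true}, "name": "x"}';
  deepMergeUnsafe({}, JSON.parse(payload));
  const pollutedByUnsafe = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;

  const merged = deepMerge({}, JSON.parse(payload));
  const pollutedBySafe = ({}).isAdmin === true;
  return { pollutedByUnsafe, pollutedBySafe, mergedKeys: Object.keys(merged) };
}
```

The practical consequence is why a merge bug rates as high as it does here: once `Object.prototype.isAdmin` is set, any later `if (user.isAdmin)` check anywhere in the process passes for every user object that does not define the property itself.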


Source : github.com

Vulnerability ID : CVE-2023-48712

First published on : 24-11-2023 17:15:08
Last modified on : 24-11-2023 17:15:08

Description :
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen, attempts to authenticate with an incorrect password, and subsequently enters a valid non-admin username and password, they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48712
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76 | source : security-advisories@github.com
https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr | source : security-advisories@github.com

Vulnerability : CWE-863
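
The sequence described above (failed attempt as `admin`, then a valid non-admin login, session ends up as `admin`) is the signature of a login flow that remembers the username from one attempt and the credential check from another. The following is an added example, not Warpgate's own code: a minimal single-factor login state machine built to reproduce that pattern, beside its hardened form. The user table, passwords and role names are constructed; a real deployment would compare against salted password hashes, not a lookup table.

```javascript
// Added example, not Warpgate's own code: a single-factor login state machine that
// shows how a failed admin attempt can leak into a later non-admin login, and the
// hardened version. The user table below is constructed for this example.
const users = {
  admin: { password: "correct-horse", roles: ["admin"] },
  bob: { password: "battery-staple", roles: ["user"] },
};

function passwordMatches(username, password) {
  const u = users[username];
  return Boolean(u) && u.password === password;
}

// Vulnerable pattern: the session records the username from the first attempt
// and never clears it; a later successful credential check for any username
// then authorises the session as the recorded user.
class VulnerableLogin {
  constructor() { this.username = null; this.authorized = false; }
  attempt(username, password) {
    if (this.username === null) this.username = username;   // set once, never reset
    if (passwordMatches(username, password)) this.authorized = true;
    return this.authorized ? this.username : null;
  }
}

// Hardened: username and password are verified as a pair on every attempt, the
// session identity is taken only from the pair that verified, and a failed
// attempt leaves no state behind for the next one to inherit.
class HardenedLogin {
  constructor() { this.username = null; this.authorized = false; }
  attempt(username, password) {
    if (!passwordMatches(username, password)) {
      this.username = null;
      this.authorized = false;
      return null;
    }
    this.username = username;
    this.authorized = true;
    return this.username;
  }
}

// Replays the sequence from the advisory against one implementation: wrong
// password for "admin", then bob's valid credentials. Returns who the session
// ends up logged in as and with which roles.
function replayAttack(LoginClass) {
  const session = new LoginClass();
  const afterFirst = session.attempt("admin", "wrong-password");
  const afterSecond = session.attempt("bob", "battery-staple");
  return { afterFirst, afterSecond, roles: afterSecond ? users[afterSecond].roles : [] };
}
```

When reviewing a multi-step login, the check to make is that the identity bound to the session is derived from the same attempt whose credentials passed, and that every failure path resets the pending identity; the order in which fields happen to be set is where this class of bug hides.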


(4) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-6274

First published on : 24-11-2023 14:15:08
Last modified on : 24-11-2023 15:24:57

Description :
A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6274
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/Carol7S/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246103 | source : cna@vuldb.com
https://vuldb.com/?id.246103 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6276

First published on : 24-11-2023 16:15:06
Last modified on : 24-11-2023 16:15:06

Description :
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.

CVE ID : CVE-2023-6276
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/YXuanZ1216/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.246105 | source : cna@vuldb.com
https://vuldb.com/?id.246105 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2023-48707

First published on : 24-11-2023 18:15:07
Last modified on : 24-11-2023 18:15:07

Description :
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48707
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://github.com/codeigniter4/shield/commit/f77c6ae20275ac1245330a2b9a523bf7e6f6202f | source : security-advisories@github.com
https://github.com/codeigniter4/shield/security/advisories/GHSA-v427-c49j-8w6x | source : security-advisories@github.com

Vulnerability : CWE-312


Vulnerability ID : CVE-2023-48708

First published on : 24-11-2023 18:15:07
Last modified on : 24-11-2023 18:15:07

Description :
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts by the configuration files.

CVE ID : CVE-2023-48708
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://codeigniter4.github.io/shield/getting_started/authenticators/ | source : security-advisories@github.com
https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4 | source : security-advisories@github.com
https://github.com/codeigniter4/shield/security/advisories/GHSA-j72f-h752-mx4w | source : security-advisories@github.com

Vulnerability : CWE-532


(4) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-48711

First published on : 24-11-2023 17:15:07
Last modified on : 24-11-2023 17:15:07

Description :
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://translate.google.@127.0.0.1/...`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48711
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/cjvnjde/google-translate-api-browser/commit/33c2eac4a21c6504409e7b06dd16e6346f93d34b | source : security-advisories@github.com
https://github.com/cjvnjde/google-translate-api-browser/security/advisories/GHSA-4233-7q5q-m7p6 | source : security-advisories@github.com

Vulnerability : CWE-918
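
The advisory above spells out the mechanism: a `tld` of `@127.0.0.1` turns `https://translate.google.<tld>/` into a URL whose userinfo is `translate.google.` and whose host is the attacker's. The following is an added example, not google-translate-api-browser's own code, showing where such a URL actually connects when parsed by the WHATWG `URL` class, and an allow-list check applied to `tld` before the URL is built. The host shape follows the advisory; the path and query are placeholders.

```javascript
// Added example, not google-translate-api-browser's own code: the effect of an
// unchecked `tld` on the request target, and an allow-list check applied before
// the URL is built. The path and query in the template are placeholders.
function buildTranslateUrlUnsafe(tld) {
  return `https://translate.google.${tld}/translate_a/single?client=gtx`;
}

// Where an HTTP client would actually connect for a given URL string. WHATWG URL
// parsing treats everything before '@' in the authority as userinfo, so the host
// named in the template ends up as a username and the attacker's value is the host.
function effectiveTarget(urlString) {
  const u = new URL(urlString);
  return { username: u.username, hostname: u.hostname, port: u.port };
}

// Hardened: a tld is one or two lowercase DNS labels ("com", "co.uk", "de"), so only
// that is accepted, which excludes '@', '/', ':', '?', '#' and whitespace. The parsed
// result is checked again so the host can never leave translate.google.*.
const TLD_RE = /^[a-z]{2,}(\.[a-z]{2,})?$/;
function buildTranslateUrl(tld) {
  if (typeof tld !== "string" || tld.length > 16 || !TLD_RE.test(tld)) {
    throw new Error(`rejected tld: ${JSON.stringify(tld)}`);
  }
  const u = new URL(`https://translate.google.${tld}/translate_a/single?client=gtx`);
  if (u.username !== "" || u.password !== "" || !u.hostname.startsWith("translate.google.")) {
    throw new Error("url escaped the expected host");
  }
  return u.toString();
}

// For one tld value: where the unsafe builder would send the request, and
// whether the hardened builder accepts the value at all.
function assess(tld) {
  let acceptedByHardened = true;
  try { buildTranslateUrl(tld); } catch (e) { acceptedByHardened = false; }
  return { ...effectiveTarget(buildTranslateUrlUnsafe(tld)), acceptedByHardened };
}
```

The second check inside `buildTranslateUrl` looks redundant next to the regular expression, and it is; it is there so that a future loosening of `TLD_RE` cannot silently reopen the hole, because the property that matters (no userinfo, host under `translate.google.`) is asserted on the parsed result rather than inferred from the input.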


Source : checkmk.com

Vulnerability ID : CVE-2023-6251

First published on : 24-11-2023 09:15:09
Last modified on : 24-11-2023 15:24:57

Description :
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allows an authenticated attacker to delete user-messages for individual users.

CVE ID : CVE-2023-6251
Source : security@checkmk.com
CVSS Score : 3.5

References :
https://checkmk.com/werk/16224 | source : security@checkmk.com

Vulnerability : CWE-352


Source : vuldb.com

Vulnerability ID : CVE-2023-6275

First published on : 24-11-2023 15:15:07
Last modified on : 24-11-2023 15:24:57

Description :
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246104. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6275
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.246104 | source : cna@vuldb.com
https://vuldb.com/?id.246104 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2023-26279

First published on : 24-11-2023 00:15:10
Last modified on : 24-11-2023 15:24:57

Description :
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.

CVE ID : CVE-2023-26279
Source : psirt@us.ibm.com
CVSS Score : 3.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/213551 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7081403 | source : psirt@us.ibm.com

Vulnerability : CWE-116


(5) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-33706

First published on : 24-11-2023 02:15:42
Last modified on : 24-11-2023 15:24:57

Description :
SysAid before 23.2.15 allows Insecure Direct Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.

CVE ID : CVE-2023-33706
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.pridesec.com.br/en/insecure-direct-object-reference-idor-affects-helpdesk-sysaid/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38914

First published on : 24-11-2023 13:15:07
Last modified on : 24-11-2023 13:15:07

Description :
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-38914
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-46575

First published on : 24-11-2023 14:15:08
Last modified on : 24-11-2023 15:24:57

Description :
A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter.

CVE ID : CVE-2023-46575
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f | source : cve@mitre.org
https://github.com/meshery/meshery/compare/v0.6.178...v0.6.179 | source : cve@mitre.org
https://github.com/meshery/meshery/pull/9372 | source : cve@mitre.org
https://meshery.io | source : cve@mitre.org


Vulnerability ID : CVE-2023-49298

First published on : 24-11-2023 19:15:07
Last modified on : 24-11-2023 19:15:07

Description :
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.

CVE ID : CVE-2023-49298
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308 | source : cve@mitre.org
https://github.com/openzfs/zfs/issues/15526 | source : cve@mitre.org
https://github.com/openzfs/zfs/pull/15571 | source : cve@mitre.org
https://news.ycombinator.com/item?id=38405731 | source : cve@mitre.org
https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-48796

First published on : 24-11-2023 08:15:20
Last modified on : 24-11-2023 15:24:57

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set the environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to work around this, or add the following section to the `application.yaml` file:

```
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```

This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.

CVE ID : CVE-2023-48796
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/24/1 | source : security@apache.org
https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo | source : security@apache.org

Vulnerability : CWE-200


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
