Forwarded from UNDERCODE TESTING
🔵Apache Ambari arbitrary file download vulnerability :
(DC: 278-2021)
https://dailycve.com/apache-ambari-arbitrary-file-download-vulnerability
Such exploit methods can be useful for pentesting other platforms
This vulnerability is mainly due to the use of "String requestURI =
httpRequest.getRequestURI();" in the authentication filter
(org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter):
@Override
public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    String requestURI = httpRequest.getRequestURI();
    SecurityContext context = getSecurityContext();
    Authentication authentication = context.getAuthentication();
    AuditEvent auditEvent = null;
    ....
}
When the web server processes a request for a path like
"/everyone-has-permission-path/..;/admin-has-permission-path",
it returns the resource "admin-has-permission-path",
but "httpRequest.getRequestURI()" in the filter returns the path
"/everyone-has-permission-path/..;/admin-has-permission-path", so the
permission match in the following code passes:
@Override
public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain chain) throws IOException, ServletException {
    ...
    if (authentication == null || authentication instanceof AnonymousAuthenticationToken) {
        ...
    }
    if (authentication == null || authentication instanceof AnonymousAuthenticationToken ||
            !authentication.isAuthenticated()) {
        ...
    } else if (!authorizationPerformedInternally(requestURI)) {
        boolean authorized = false;
        if (requestURI.matches(API_BOOTSTRAP_PATTERN_ALL)) {
            authorized = AuthorizationHelper.isAuthorized(authentication,
                    ResourceType.CLUSTER,
                    null,
                    EnumSet.of(RoleAuthorization.HOST_ADD_DELETE_HOSTS));
        }
        else {
            ...
        }
        ...
    }
    ...
}
In fact, when I need to access the API under "/users.*", I only need
to use "/bootstrap/..;/users" to bypass certain authentication checks.
Of course, the APIs under "users.*" may require certain permissions to
access, but this is just an example, which means that in this way, you
will be able to bypass the authentication check to access other APIs
that require authentication to access.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
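Added example, not part of the original post and not Ambari's code: a self-contained Java model of the mismatch described above, with the raw-URI rule selection beside a hardened variant. The two patterns and the resolvedPath helper are assumptions that only approximate how a servlet container maps a request to a resource.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class RequestUriMismatchDemo {
    // Hypothetical patterns standing in for the filter's constants; not Ambari's real values.
    static final String BOOTSTRAP_PATTERN = "/bootstrap.*";
    static final String USERS_PATTERN = "/users.*";

    // Simplified model (assumption) of the container's resource mapping:
    // drop ";params" from each segment, then resolve "." and ".." segments.
    static String resolvedPath(String rawUri) {
        Deque<String> out = new ArrayDeque<>();
        for (String segment : rawUri.split("/")) {
            int semi = segment.indexOf(';');
            String name = semi >= 0 ? segment.substring(0, semi) : segment;
            if (name.isEmpty() || name.equals(".")) continue;
            if (name.equals("..")) { out.pollLast(); continue; }
            out.addLast(name);
        }
        return "/" + String.join("/", out);
    }

    // What the post describes: the authorization rule is chosen from the raw request URI.
    static String ruleFromRawUri(String uri) {
        return uri.matches(USERS_PATTERN) ? "users"
             : uri.matches(BOOTSTRAP_PATTERN) ? "bootstrap" : "other";
    }

    // Hardened variant: refuse ambiguous URIs outright, then choose the rule
    // from the same path the container will actually serve.
    static String ruleFromResolvedPath(String rawUri) {
        if (rawUri.contains(";") || rawUri.contains("..")) return "rejected";
        return ruleFromRawUri(resolvedPath(rawUri));
    }

    public static void main(String[] args) {
        // Constructed sample URIs; the second one is the path quoted in the post.
        String[] samples = { "/users/admin", "/bootstrap/..;/users", "/bootstrap/1" };
        for (String uri : samples) {
            System.out.printf("%-22s serves=%-14s rawRule=%-10s hardenedRule=%s%n",
                uri, resolvedPath(uri), ruleFromRawUri(uri), ruleFromResolvedPath(uri));
        }
    }
}
```

For the path quoted in the post, the raw-URI check selects the bootstrap rule while the served resource is under /users; the hardened variant rejects the request before any rule is chosen.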
Forwarded from DailyCVE
🔵Utimaco SecurityServer security vulnerabilities:
(DC: 279-2021)
https://dailycve.com/utimaco-securityserver-security-vulnerabilities
Forwarded from DailyCVE
🔵Johnson Controls exacqVision: Access privileged data - Remote/unauthenticated:
(DC: 280-2021)
https://dailycve.com/johnson-controls-exacqvision-access-privileged-data-remoteunauthenticated
Forwarded from UNDERCODE NEWS
On the 23rd, OnePlus teases the arrival of game trigger attachments with the OnePlus 9R 5G.
#Technologies
Forwarded from DailyCVE
🔵Vscode-shellcheck security vulnerability:
(DC: 281-2021)
https://dailycve.com/vscode-shellcheck-security-vulnerability
Forwarded from DailyCVE
🔵Vulnerability in Service Operation Interference (DoS) in Fuji Xerox MFPs and Printers:
(DC: 282-2021)
https://dailycve.com/vulnerability-service-operation-interference-dos-fuji-xerox-mfps-and-printers
Forwarded from UNDERCODE TESTING
🔵Grafana security vulnerabilities:
(DC: 283-2021)
https://dailycve.com/grafana-security-vulnerabilities
Forwarded from UNDERCODE TESTING
🔵Drupal bug in Varbase Layout Builder module:
(DC: 284-2021)
https://dailycve.com/drupal-bug-varbase-layout-builder-module
Forwarded from UNDERCODE NEWS
Is the HomePod, which hasn't sold well, still the dumbest smart speaker?
#Technologies
Forwarded from UNDERCODE NEWS
Ethical Hacking for beginners 4.6 Rating -free udemy :
https://www.udemy.com/course/ethical-hacking-beginners/
1hr 52min of on-demand video
Udemy
Ethical Hacking for beginners | Ethical Hacking for Beginners
Learn the basics of penetration testing, the main steps of the hacking process, and the important tools
Forwarded from UNDERCODE NEWS
Xiaomi is bringing a smartphone to Russia that can be broken in half with your hands.
#International
Forwarded from UNDERCODE NEWS
Cheap $ 70 imported smartphone directly from India, search for the optimal solution with cheapness and practicality.
#Technologies
Forwarded from DailyCVE
🔵New wordpress unpatched bug : (Discovered since 2 hours)
(DC: 285-2021)
https://dailycve.com/new-wordpress-unpatched-bug
Forwarded from DailyCVE
🔵Unpatched wordpress Gutenberg Plugin bug: (Discovered since 20 hours)
(DC: 286-2021)
https://github.com/WordPress/gutenberg/issues/30055
GitHub
Site Editor / iframe: Occasional double scrollbar. · Issue #30055 · WordPress/gutenberg
Description When using the site editor, you will occasionally see a double scrollbar. The scrollbar appears to be caused by the sibling inserter being positioned outside of the iframe, but below th...