π Friday Five 6/24 π
π Read
via "".
Read about how daycare apps may be putting your security at risk, why to double-check before ordering your COVID-19 test, the newest cybersecurity legislation signed into law, and more in this week's Friday Five!
π Read
via "".
βΌ CVE-2022-2104 βΌ
π Read
via "National Vulnerability Database".
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).π Read
via "National Vulnerability Database".
βΌ CVE-2022-1745 βΌ
π Read
via "National Vulnerability Database".
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1518 βΌ
π Read
via "National Vulnerability Database".
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1739 βΌ
π Read
via "National Vulnerability Database".
The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1668 βΌ
π Read
via "National Vulnerability Database".
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2102 βΌ
π Read
via "National Vulnerability Database".
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32209 βΌ
π Read
via "National Vulnerability Database".
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21829 βΌ
π Read
via "National Vulnerability Database".
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing Γ’β¬Λconcrete_secureΓ’β¬β’ instead of Γ’β¬ΛconcreteΓ’β¬β’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30117 βΌ
π Read
via "National Vulnerability Database".
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesnΓ’β¬β’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1741 βΌ
π Read
via "National Vulnerability Database".
The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1744 βΌ
π Read
via "National Vulnerability Database".
Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1666 βΌ
π Read
via "National Vulnerability Database".
The default password for the web applicationΓ’β¬β’s root user (the vendorΓ’β¬β’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30120 βΌ
π Read
via "National Vulnerability Database".
XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reportingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1742 βΌ
π Read
via "National Vulnerability Database".
The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30118 βΌ
π Read
via "National Vulnerability Database".
Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1517 βΌ
π Read
via "National Vulnerability Database".
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2121 βΌ
π Read
via "National Vulnerability Database".
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30651 βΌ
π Read
via "National Vulnerability Database".
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1746 βΌ
π Read
via "National Vulnerability Database".
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1524 βΌ
π Read
via "National Vulnerability Database".
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.π Read
via "National Vulnerability Database".