Vulnerability type
Data Validation
Detail
When an etcd instance attempts to perform service discovery, if a cluster size is provided as a negative value, the etcd instance will panic without recovery.
References
Find out more on this vulnerability in t…
[go.etcd.io/etcd/client/v3] etcd user credentials are stored in WAL logs in plaintext
Vulnerability type
Data Exposure
Workarounds
etcd assumes that the on-disk files are secure. Possible fixes have been provided; however, it is the responsibility of etcd users to make sure that the etcd server WAL log files are secure. The …
[go.etcd.io/etcd/client/v3] etcd has no minimum password length
Vulnerability type
Access Control
Workarounds
The etcdctl and etcd API do not enforce a specific password length during user creation or user password update operations. It is the responsibility of the administrator to enforce these requirements.
Detai…
[go.etcd.io/etcd/v3] etcd vulnerable to TOCTOU of gateway endpoint authentication
Vulnerability type
Authentication
Workarounds
Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation.
Detail
The gateway only authenticates endpoints detected from…
[go.etcd.io/etcd/v3] etcd’s WAL `ReadAll` method vulnerable to an entry with large index causing panic
Vulnerability type
Data Validation
Detail
In the ReadAll method in wal/wal.go, it is possible to have an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd conse…
[github.com/caddyserver/caddy/caddyhttp/httpserver] Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-21246
https://github.com/caddyserver/caddy/c…
[generator-jhipster] generator-jhipster vulnerable to login check Regular Expression Denial of Service
Impact
For applications using JWT or session-based authentication (not OIDC), users can input a login string which can cause a denial of service, as parsing it will be too complex.
Here is an example: https://gist.github.com/atomfrede/311f8a9c6eb74c5c5…
[phpmailer/phpmailer] PHPMailer vulnerable to email header injection
Impact
Arbitrary additional email headers can be injected via crafted From or Sender headers.
Patches
Fixed in 2.2.1
Workarounds
Filter user-supplied values prior to using them in From or Sender properties.
References
https://nvd.nist.gov/vuln/detail/C…
[codeigniter4/framework] Codeigniter4’s Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Impact
Setting $secure or $httponly value to true in Config\Cookie is not reflected in set_cookie() or Response::setCookie().
Note
This vulnerability does not affect session cookies.
The following code does not issue a cookie with the secure flag eve…
[github.com/sylabs/sif/v2] SIF’s Digital Signature Hash Algorithms Not Validated
Impact
The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.
Patches
A patch is available in version >= v2.8.1 of the module. Users are enco…