Impact
Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro.
The URL &l…
[org.xwiki.platform:xwiki-platform-user-profile-ui] Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
Impact
Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow a disabled user to re-enable themselves, or an attacker to disable any user of the wiki.
Patches
The …
[org.xwiki.platform:xwiki-platform-oldcore] Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
Impact
It’s possible for a user with only Script rights to enable or disable a user: this operation should only be possible for users with admin rights.
Patches
This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.
Workarounds
There is no …
[org.xwiki.platform:xwiki-platform-attachment-ui] Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in AttachmentSelector.xml
Impact
Any user with the right to edit their personal page can follow one of the scenarios below:
Scenario 1:
Log in as a simple user with just edit rights on the user profile
Go to the user’s profile
Upload an attachment in the attachment tab at the bot…
[org.xwiki.platform:xwiki-platform-tag-ui] Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
Impact
It’s possible to delete or rename tags with a single request, without any confirmation, which makes a CSRF attack possible.
Patches
The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1.
Workarounds
It’s possible to patch…
[tailscale.com/cmd] Tailscale daemon is vulnerable to information disclosure via CSRF
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables.
Affected platforms: All
Patched Tailscale client versions: v1.32.3 or later, v1.33.2…
[tailscale/tailscale.com/cmd] Tailscale Windows daemon is vulnerable to RCE via CSRF
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code.
Affected platforms: Windows
Patched Tailscale client versions: v1.32….
[github.com/duke-git/lancet/v2/fileutil] Lancet vulnerable to path traversal when unzipping files
Impact
Zip Slip (path traversal) issue when using the fileutil package to unzip files.
Patches
It will be fixed in v2.1.10. Please upgrade to v2.1.10 o…
[fastify] Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Impact
The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch() requests with Content-Type’s essence as “application/x-www-form-urlencoded”, “multipart/form-data”, or “text/plain”, could potentially be used to…
[tensorflow-cpu] Invalid char to bool conversion when printing a tensor
Impact
When printing a tensor, we get its data as a const char* array (since that’s the underlying storage) and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzz…