[ibexa/admin-ui] Ibexa DXP users with the Company admin role can assign any role to any user
Critical severity. Users with the Company admin role (introduced by the company account feature in v4) can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have…
[ibexa/core] Ibexa DXP users with the Company admin role can assign any role to any user
Critical severity. Users with the Company admin role (introduced by the company account feature in v4) can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have…
[ibexa/admin-ui] ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical severity. It is possible to inject JavaScript XSS in the content type entries “name” and “short name”. To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrat…
[ezsystems/ezplatform-admin-ui] ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
It is possible to inject JavaScript XSS in the content type entries “name” and “short name”. To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrators. However, pleas…
[ibexa/graphql] GraphQL queries can expose password hashes
Impact
Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors.
Patches
Affected versions: Ibexa DXP v3.3.*, v4.2.*…
[github.com/go-vela/worker] Vela Insecure Defaults
Impact
Some current default configurations for Vela allow exploitation and container breakouts.
Default Privileged Images
Running Vela plugins as privileged Docker containers allows a malicious user to easily break out of the container and gain access …
[parse-server] Remote code execution via MongoDB BSON parser through prototype pollution
Impact
An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser.
Patches
Prevent prototype pollution in MongoDB database adapter.
Workarounds
Disable remote code execution through the MongoDB…
[github.com/btcsuite/btcd] btcd mishandles witness size checking
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-44797
https://github.com/lightningnetwork/lnd/issues/7002
h…
[github.com/pingcap/tidb] TiDB vulnerable to Use of Externally-Controlled Format String
TiDB is vulnerable to Use of Externally-Controlled Format String. A patch is available on the master branch and expected to be part of versions 6.4.0 and 6.1.3.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3023
https://github.com/pingcap/tidb/…