The CVE-2024-28991 vulnerability is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.
Carl Benevento’s Post
More Relevant Posts
-
⚠️Medium Risk Vulnerability Alert⚠️: CVE-2024-5550 In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup of '/', exposes the root filesystem including directories such as /home, /usr, /bin, among others. This vulnerability could allow attackers to explore the entire filesystem, and when combined with a Local File Inclusion (LFI) vulnerability, could make exploitation of the server trivial. CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) #h2o #apisecurity #owasp https://lnkd.in/dDqCHg6P
-
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Ocean Data Systems
Equipment: Dream Report 2023
Vulnerabilities: Path Traversal, Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution or escalate their privileges and cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following components of Ocean Data Systems Dream Report, a report generating and delivery software, are affected:
Dream Report 2023: Version 23.0.17795.1010 and prior
AVEVA Reports for Operations 2023: Version 23.0.17795.1010
3.2 Vulnerability Overview
3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY
Ocean Data Systems Dream Report
cisa.gov
-
🧟‍♂️ Villain of the Week 🧟‍♂️ CVE-2024-21534 affects all versions of the jsonpath-plus package prior to 10.0.0, which are vulnerable to Remote Code Execution. With a CVSS score of 9.8, this vulnerability is rated as Critical, posing a severe risk to your system's confidentiality, integrity, and availability. 📌 Why you should care This critical vulnerability could allow attackers to take control of your system, leading to data breaches, unauthorized access, or full system compromise. If your application relies on jsonpath-plus, you need to address this vulnerability immediately. 📋 Who is impacted? Anyone using versions of jsonpath-plus before 10.0.0 is at risk. This package is commonly used to query JSON data, and without proper input sanitization, it can become a target for attackers. If your system uses this package, ensure that you are using a secure version. Secure your systems with our scripts from vsociety: 🕵️‍♂️ Detection Script: https://lnkd.in/g65WNM-n 🔧 Remediation Script: https://lnkd.in/g9d6aEcu Stay proactive, stay safe!
-
⚠️Medium Risk Vulnerability Alert⚠️: CVE-2024-28176 A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. This allows an adversary to exploit specific scenarios where the compression ratio becomes exceptionally high. As a result, the length of the JWE token, which is determined by the compressed content's size, can land below application-defined limits. In such cases, other existing application level mechanisms for preventing resource exhaustion may be rendered ineffective. Note that as per RFC 8725 compression of data SHOULD NOT be done before encryption, because such compressed data often reveals information about the plaintext. For this reason the v5.x major version of jose removed support for compressed payloads entirely and is therefore NOT affected by this advisory. CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) #jose #apisecurity #owasp https://lnkd.in/d-gyUT6z
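The size-limit bypass described in the alert above, as an added example (not part of the original post and not code from jose): it uses Node's built-in zlib on a constructed, highly compressible buffer standing in for decrypted JWE plaintext, and compares a length check on the compressed input alone with one that also caps the inflated output. The limit values and function names are assumptions.

```javascript
// Added example: constructed input, hypothetical limits and function names.
const zlib = require("node:zlib");

const MAX_TOKEN_BYTES = 8 * 1024;       // assumed application limit on token size
const MAX_PLAINTEXT_BYTES = 256 * 1024; // assumed limit on decompressed plaintext

// Stand-in for the plaintext recovered after decrypting a JWE with "zip":"DEF"
// (raw DEFLATE). Encryption is omitted because it does not change the ratio.
function makeCompressedPlaintext(size) {
  return zlib.deflateRawSync(Buffer.alloc(size, 0x41));
}

// Weak form: only the compressed length is checked, so the output is unbounded.
function inflateUnbounded(compressed) {
  if (compressed.length > MAX_TOKEN_BYTES) throw new Error("token too large");
  return zlib.inflateRawSync(compressed);
}

// Hardened form: the inflated size is capped as well.
function inflateBounded(compressed) {
  if (compressed.length > MAX_TOKEN_BYTES) throw new Error("token too large");
  try {
    return zlib.inflateRawSync(compressed, { maxOutputLength: MAX_PLAINTEXT_BYTES });
  } catch (err) {
    if (err.code === "ERR_BUFFER_TOO_LARGE") {
      throw new Error("decompressed plaintext exceeds limit");
    }
    throw err; // malformed DEFLATE data and other failures pass through
  }
}

function demo() {
  const oversized = makeCompressedPlaintext(4 * 1024 * 1024); // 4 MiB of 'A'
  const ordinary = makeCompressedPlaintext(1024);
  let rejected = false;
  try {
    inflateBounded(oversized);
  } catch (err) {
    rejected = /exceeds limit/.test(err.message);
  }
  return {
    compressedBytes: oversized.length,                  // passes the token-size check
    unboundedBytes: inflateUnbounded(oversized).length, // full 4 MiB is allocated
    oversizedRejected: rejected,
    ordinaryBytes: inflateBounded(ordinary).length,
  };
}

console.log(demo());
```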
-
The blog post on the vulnerability in sshd-server CVE-2024-6387, also known as #regreSSHIon, is now live. Check it out! https://lnkd.in/gD2pHRMy
The Story of regreSSHion: A Resurfaced sshd Vulnerability
logpoint.com
-
ESAFENET CDG https://lnkd.in/dUU_bznS delProtocol sql injection. A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/https://lnkd.in/dUU_bznS. The manipul... https://lnkd.in/dVjhyG9y
ESAFENET CDG PrintScreenListService.java delProtocol sql injection
A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipul...
cybrmonk.com
-
🚨 CVE-2024-21534 RCE in jsonpath-plus CVE-2024-21534 affects all versions of the jsonpath-plus package prior to 10.0.0, which are vulnerable to Remote Code Execution (RCE). This vulnerability is caused by improper input sanitization, allowing attackers to execute arbitrary code on the system through unsafe usage of the vm module in Node.js. With a CVSS score of 9.8, this vulnerability is rated as critical, posing a severe risk to your system's confidentiality, integrity, and availability. 💡 Why you should care This critical vulnerability could allow attackers to take control of your system, leading to data breaches, unauthorized access, or full system compromise. The CVSS score of 9.8 highlights the high severity and the potential impact of an attack. If your application relies on jsonpath-plus, you need to address this vulnerability immediately. 🎯 Who is Impacted? Anyone using versions of jsonpath-plus before 10.0.0 is at risk. This package is commonly used to query JSON data, and without proper input sanitization, it can become a target for attackers. If your system uses this package, ensure that you are using a secure version. Start securing your systems: 🛡️ How to protect yourself: Vicarius research team provides you with two scripts to help secure your systems: 🔍 Detection Script: https://lnkd.in/dekWK_nk 🩹 Remediation Script: https://lnkd.in/dKMzazBP Question/feedback? Feel free to DM
-
Attackers copy and trivially alter Beacon samples publicly hosted on software repository websites. How do these altered samples allow threat actors to help evade detection? Using three different samples that were traced back to a public profile, Unit 42 researchers disseminate the C2 details of each and explain how these modifications can allow attackers to nimbly avoid detection.
Attackers Exploiting Public Cobalt Strike Profiles
unit42.paloaltonetworks.com
-
🚨Critical Risk Vulnerability Alert! 🚨: CVE-2024-2083 A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory. CVSSv3.1 Base Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) #zenml #apisecurity #owasp https://lnkd.in/dWFrJKBM