{"vulnerability": "CVE-2020-1523", "sightings": [{"uuid": "b38e3197-2bda-4cb0-b93f-02c55d264c0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15237", "type": "seen", "source": "https://t.me/cibsecurity/15062", "content": "\u203c CVE-2020-15237 \u203c\n\nIn Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-05T22:27:25.000000Z"}, {"uuid": "5ff0eb3a-357f-4fd0-9aae-dce8d64085d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15238", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/1997", "content": "CVE's in Ubuntu Desktop:\n- Aptdaemon Information Disclosure (CVE-2020-15703)\n- PackageKit Information Disclosure (CVE-2020-16121)\n- Blueman Local Privilege Escalation/DoS (CVE-2020-15238)\nhttps://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html", "creation_timestamp": "2020-10-28T13:20:10.000000Z"}, {"uuid": "ac97f0a1-5035-4aff-82e1-3dafe68eec66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15231", "type": "seen", "source": "https://t.me/cibsecurity/15036", "content": "\u203c CVE-2020-15231 \u203c\n\nIn mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-03T00:54:26.000000Z"}, {"uuid": "5e629c78-544a-48fa-9fc6-44a236dfef9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15235", "type": "seen", "source": "https://t.me/cibsecurity/15058", "content": "\u203c CVE-2020-15235 \u203c\n\nIn RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-05T20:27:19.000000Z"}, {"uuid": "3ef7933b-3563-4840-9d79-e7f100bf61e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15239", "type": "seen", "source": "https://t.me/cibsecurity/15095", "content": "\u203c CVE-2020-15239 \u203c\n\nIn xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or other limitations on the outbound (GET) traffic. For example, in a scenario where a single server has multiple instances of the application running (with separate DATA_ROOT settings), an attacker who has knowledge about the directory structure is able to read files from any other instance to which the process has read access. If instances have individual authentication (for example, HTTP authentication via a reverse proxy, source IP based filtering) or other restrictions (such as quotas), attackers may circumvent those limits in such a scenario by using the Directory Traversal to retrieve data from the other instances. If the associated XMPP server (or anyone knowing the SECRET_KEY) is malicious, they can write files outside the DATA_ROOT. The files which are written are constrained to have the `.meta` and the `.data` suffixes; the `.meta` file will contain the JSON with the Content-Type of the original request and the `.data` file will contain the payload. The issue is patched in version 0.4.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-06T22:28:25.000000Z"}, {"uuid": "279686a5-07eb-41ec-b4a5-dbcc8c370286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15238", "type": "seen", "source": "https://t.me/cibsecurity/15621", "content": "\u203c CVE-2020-15238 \u203c\n\nBlueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-27T21:30:36.000000Z"}]}