{"vulnerability": "CVE-2023-4245", "sightings": [{"uuid": "ac77e615-ba12-430a-adca-f0d743b1905e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42453", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18757", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-42453\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2023-09-26T20:49:23.365Z\n\ud83d\udccf Modified: 2025-06-18T14:11:32.728Z\n\ud83d\udd17 References:\n1. https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x\n2. https://github.com/matrix-org/synapse/pull/16327\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/\n4. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/\n5. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/\n6. 
https://security.gentoo.org/glsa/202401-12", "creation_timestamp": "2025-06-18T14:42:03.000000Z"}, {"uuid": "a0bd7cd5-ee96-44ae-8aa6-0d16c3eb645c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42456", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/5319", "content": "So Ubuntu has decided to pull in a sudo analogue that is written in Rust\n\nThis is actually a landmark moment, because\n\n1. The analogue will be included in the distribution of a popular distro\n2. It is the first step in popularizing a new generation of utilities that can replace the old ones with \"historical problems\"\n\nPersonally, I don't switch to any trendy \"\ud83d\udca5blazing\ud83d\udcaafast\ud83d\ude80\" utilities until they show up in the repositories of the distributions I use. So we'll wait and see.\n\nCanonical intends to enable by default, in the autumn Ubuntu 25.10 release, a sudo analogue developed by the sudo-rs project and written in Rust. In March a similar decision was made regarding the replacement of the GNU Coreutils utilities with the uutils toolkit. Initiatives to replace zlib and ntpd with zlib-rs and ntpd-rs, and to use Sequoia instead of GnuPG in the APT package manager, are under consideration.\n\nsudo-rs provides, where possible, compatibility with the classic sudo and su utilities, allowing sudo-rs to be used as a drop-in replacement for sudo in most usage scenarios. For users who do not want to switch to uutils and sudo-rs, Ubuntu 25.10 will offer an option to roll back to the classic versions of the coreutils and sudo system utilities.\n. . .\nThe replacement of system components is carried out as part of an initiative to improve the quality of the system environment by shipping programs designed from the outset with security, reliability and correctness in mind. Shipping utilities written in Rust will make it possible to reduce the risk of memory-handling errors such as use-after-free and out-of-bounds buffer access. If the experiment is deemed successful, the Rust utilities will be enabled by default in the Ubuntu 26.04 LTS branch.\nUbuntu 25.10 decides to adopt a sudo analogue written in Rust\nhttps://www.opennet.ru/opennews/art.shtml?num=63197\n\nProper use of Rust will make it possible to close off some of the problems. Here are examples of CVEs related to sudo\n\n- CVE-2019-18634 - obtaining root via an overflow (https://github.com/saleemrashid/sudo-cve-2019-18634/)\n\n- CVE-2021-3156 - obtaining root via an overflow (https://github.com/worawit/CVE-2021-3156)\n\nBut sudo-rs definitely still has a lot of work ahead to \"shake out\" its operating logic. Here, for example, is CVE-2023-42456\n\nFor example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames...The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access.\nhttp://cve.org/CVERecord?id=CVE-2023-42456\n\nGitHub of the project\nhttps://github.com/trifectatechfoundation/sudo-rs", "creation_timestamp": "2025-05-07T21:41:33.000000Z"}, {"uuid": "d9442ea1-9f24-407e-9c15-7b9ddf7f5fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42450", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18744", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-42450\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue.\n\ud83d\udccf Published: 2023-09-19T15:53:39.685Z\n\ud83d\udccf Modified: 2025-06-18T14:28:57.529Z\n\ud83d\udd17 References:\n1. https://github.com/mastodon/mastodon/security/advisories/GHSA-hcqf-fw2r-52g4\n2. 
https://github.com/mastodon/mastodon/commit/94893cf24fc95b32cc7a756262acbe008c20a9d2", "creation_timestamp": "2025-06-18T14:41:44.000000Z"}, {"uuid": "813d2505-c8af-4476-af67-e5e3aa968a5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42459", "type": "seen", "source": "https://t.me/cibsecurity/72358", "content": "\u203c CVE-2023-42459 \u203c\n\nFast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T00:32:26.000000Z"}, {"uuid": "f17f1985-d7e6-4ece-ad71-9338c91c277b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42450", "type": "seen", "source": "https://t.me/cibsecurity/70743", "content": "\u203c CVE-2023-42450 \u203c\n\nMastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. 
Version 4.2.0-rc2 has a patch for the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T20:34:36.000000Z"}, {"uuid": "c7fc4b39-1fcb-43fd-843d-ff67cd45ae6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42452", "type": "seen", "source": "https://t.me/cibsecurity/70741", "content": "\u203c CVE-2023-42452 \u203c\n\nMastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However a CSP bypass or loophole could be exploited to execute malicious XSS. Furthermore, it requires user interaction, as this can only occur upon clicking the \u201cTranslate\u201d button on a malicious post. Versions 4.0.10, 4.2.8, and 4.2.0-rc2 contain a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T20:34:34.000000Z"}, {"uuid": "474bd8aa-719c-4553-9b8c-cf1caefeb925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4245", "type": "seen", "source": "https://t.me/cibsecurity/69515", "content": "\u203c CVE-2023-4245 \u203c\n\nThe WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. 
This makes it possible for subscribers to view arbitrary invoices provided they can guess the order id and invoice id.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T12:12:50.000000Z"}, {"uuid": "a243d6c8-c12e-4ece-9493-6c6dea1bb8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42451", "type": "seen", "source": "https://t.me/cibsecurity/70737", "content": "\u203c CVE-2023-42451 \u203c\n\nMastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T20:34:28.000000Z"}, {"uuid": "88965403-9171-4c78-83f5-d0167db8ce66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42454", "type": "seen", "source": "https://t.me/cibsecurity/70687", "content": "\u203c CVE-2023-42454 \u203c\n\nSQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the `sqlpage/sqlpage.json` configuration file (not in an environment variable), with the web_root is the current working directory (the default), and with their database exposed publicly, is vulnerable to an attacker retrieving database connection information from SQLPage and using it to connect to their database directly. Version 0.11.0 fixes this issue. Some workarounds are available. 
Using an environment variable instead of the configuration file to specify the database connection string prevents exposing it on vulnerable versions. Using a different web root (that is not a parent of the SQLPage configuration directory) fixes the issue. One should also avoid exposing one's database publicly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T02:28:46.000000Z"}, {"uuid": "803ed1ae-f195-4c49-8476-915c4705caae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42450", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9247", "content": "#exploit\n1. CVE-2023-42450:\nFrom SSRF to RCE on Mastodon\nhttps://scumjr.github.io/2023/10/12/from-ssrf-to-rce-on-mastodon-cve-2023-42450\n\n2. CVE-2023-42120:\nControl Web Panel dns_zone_editor Cmd Injection RCE\nhttps://github.com/truonghuuphuc/CVE-2023-42120-Poc", "creation_timestamp": "2023-10-23T10:58:01.000000Z"}, {"uuid": "6d7f01f5-2219-4dd5-ad73-499531ed775f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42450", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1341", "content": "https://scumjr.github.io/2023/10/12/from-ssrf-to-rce-on-mastodon-cve-2023-42450/\nFrom SSRF to RCE on Mastodon (CVE-2023-42450)", "creation_timestamp": "2023-10-23T05:11:12.000000Z"}, {"uuid": "d0420a65-cfb5-4929-94d6-8279c4d8cae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42456", "type": "seen", "source": "https://t.me/cibsecurity/70912", "content": "\u203c CVE-2023-42456 \u203c\n\nSudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead 
only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user).An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system.An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames.The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values.The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. 
While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T20:31:09.000000Z"}, {"uuid": "54f264df-4678-41ca-a540-ab4ba4f8aa6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42457", "type": "seen", "source": "https://t.me/cibsecurity/70892", "content": "\u203c CVE-2023-42457 \u203c\n\nplone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T18:31:04.000000Z"}, {"uuid": "3ea09302-68d1-48a7-bd21-1a79db92daca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42458", "type": "seen", "source": "https://t.me/cibsecurity/70910", "content": "\u203c CVE-2023-42458 \u203c\n\nZope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. 
As a workaround, make sure the \"Add Documents, Images, and Files\" permission is only assigned to trusted roles. By default, only the Manager has this permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-22T14:13:19.000000Z"}, {"uuid": "de718a3f-ab5f-4ff9-a1cd-f86f8548bd04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42450", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1479", "content": "#exploit\n1. CVE-2023-42450:\nFrom SSRF to RCE on Mastodon\nhttps://scumjr.github.io/2023/10/12/from-ssrf-to-rce-on-mastodon-cve-2023-42450\n\n2. CVE-2023-42120:\nControl Web Panel dns_zone_editor Cmd Injection RCE\nhttps://github.com/truonghuuphuc/CVE-2023-42120-Poc", "creation_timestamp": "2024-08-16T08:37:54.000000Z"}]}