In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between October 16-17, 2023.
During this period, the National Vulnerability Database published 163 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 5
High: 13
Medium: 55
Low: 4
Severity Not Assigned: 86
Identifying and understanding these vulnerabilities is a pivotal step towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-5591
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
References: https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e
https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-38280
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/260740
https://www.ibm.com/support/pages/node/7047713
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-21413
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: GoSecure, on behalf of Genetec Inc., has found a flaw that allows remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection, allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and a solution.
References: https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-21414
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 0.5
Impact Score: 6.0
Description: NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection against device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and a solution.
References: https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-5422
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.8
Description: The functions to fetch e-mail via POP3 or IMAP, as well as to send e-mail via SMTP, use OpenSSL for static SSL- or TLS-based communication. As the SSL_get_verify_result() function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary security requirements. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate were properly validated.
This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
References: https://otrs.com/release-notes/otrs-security-advisory-2023-10/
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-3991
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
References: https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-20198
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of the Cisco advisory.
Cisco will provide updates on the status of this investigation and when a software patch is available.
References: https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-40180
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive GraphQL query to execute a Distributed Denial of Service (DDoS) attack against a website. This mostly affects websites with publicly exposed GraphQL schemas. If your Silverstripe CMS project does not expose a public-facing GraphQL schema, a user account is required to trigger the DDoS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries
https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c
https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66
https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries
https://www.silverstripe.org/download/security-releases/CVE-2023-40180
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-45683
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: github.com/crewjam/saml is a SAML library for the Go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO flow. Consequently, an attacker may perform any authenticated action as the victim once the victim's browser has loaded the SAML IdP-initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, not requiring particular permissions or even being publicly accessible to ease IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata.
References: https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79
https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-42459
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions, specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attacker's control, which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/eProsima/Fast-DDS/issues/3207
https://github.com/eProsima/Fast-DDS/pull/3824
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm
CWE-ID: CWE-415 CWE-416 CWE-590
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-45128
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the framework, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the framework. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like CAPTCHAs or Two-Factor Authentication (2FA) and set session cookies with SameSite=Lax or SameSite=Strict, and the Secure and HttpOnly attributes, as defense-in-depth measures. There are no known workarounds for this vulnerability.
References: https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a
https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368
CWE-ID: CWE-20 CWE-352 CWE-565 CWE-807
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-45141
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the framework, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the framework. This vulnerability has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like CAPTCHAs or Two-Factor Authentication (2FA) and set session cookies with SameSite=Lax or SameSite=Strict, and the Secure and HttpOnly attributes.
References: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
CWE-ID: CWE-352 CWE-565
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-45144
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross-site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the Groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade.
References: https://github.com/xwikisas/identity-oauth/blob/master/ui/src/main/resources/IdentityOAuth/LoginUIExtension.vm#L58
https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6
https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6#diff-2ab2e0716443d790d7d798320e4a45151661f4eca5440331f4a227b29c87c188
https://github.com/xwikisas/identity-oauth/security/advisories/GHSA-h2rm-29ch-wfmh
https://jira.xwiki.org/browse/XWIKI-20719
CWE-ID: CWE-79 CWE-94
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-43658
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-Site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.
References: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://github.com/discourse/discourse-calendar/commit/9788310906febb36822d6823d14f1059c39644de
https://github.com/discourse/discourse-calendar/security/advisories/GHSA-3fwj-f6ww-7hr6
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-43659
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.
References: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-44388
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size` nginx directive. `client_max_body_size` limits the size of uploads that can be sent directly to the server.
References: http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-45131
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-30991
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/254037
https://www.ibm.com/support/pages/node/7047499
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found