Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for April 25-26, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between April 25-26, 2024.
During this period, the National Vulnerability Database published 95 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 9
High: 28
Medium: 40
Low: 0
Severity Not Assigned: 18

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-29205
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in order to cause service disruptions.
References: https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-4161
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic is received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.

References: https://support.broadcom.com/external/content/SecurityAdvisories/0/23284

CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found

3. CVE-2023-51478
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19.

References: https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-unauthenticated-account-takeover-vulnerability?_s_id=cve

CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-4173
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: A vulnerability in Brocade SANnav exposes Kafka in the WAN interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DoS against the Brocade SANnav.

References: https://support.broadcom.com/external/content/SecurityAdvisories/0/23285

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

5. CVE-2023-51482
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2.

References: https://patchstack.com/database/vulnerability/plugins-on-steroids/wordpress-eazy-plugin-manager-plugin-4-1-2-subscriber-arbitrary-options-update-lead-to-rce-vulnerability?_s_id=cve

CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found

6. CVE-2023-51484
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation. This issue affects Login as User or Customer (User Switching): from n/a through 3.8.

References: https://patchstack.com/database/vulnerability/login-as-customer-or-user/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve

CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-22144
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.

References: https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve
https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve
https://sec.stealthcopter.com/cve-2024-22144/

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-25917
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard. This issue affects WP Setup Wizard: from n/a through 1.0.8.1.

References: https://patchstack.com/database/vulnerability/wp-setup-wizard/wordpress-wp-setup-wizard-plugin-1-0-8-1-subscriber-full-database-download-vulnerability?_s_id=cve

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-30560
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Cross-Site Request Forgery (CSRF) vulnerability in ??WP DX-Watermark. This issue affects DX-Watermark: from n/a through 1.0.4.

References: https://patchstack.com/database/vulnerability/dx-watermark/wordpress-dx-watermark-plugin-1-0-4-csrf-to-arbitrary-file-upload-and-xss-vulnerability?_s_id=cve

CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-31266
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection. This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4.

References: https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-4-4-remote-code-execution-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-25583
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.


References: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-4077
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS. This issue affects UDesign: from n/a through 4.7.3.

References: https://patchstack.com/database/vulnerability/u-design/wordpress-udesign-theme-4-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-2434
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/450303
https://hackerone.com/reports/2401952

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-2829
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/451456
https://hackerone.com/reports/2416728

CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-4164
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). This issue affects the function formModifyPppAuthWhiteMac of the file /goform/ModifyPppAuthWhiteMac. The manipulation of the argument pppoeServerWhiteMacIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261983. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/G3V15/formModifyPppAuthWhiteMac.md
https://vuldb.com/?ctiid.261983
https://vuldb.com/?id.261983
https://vuldb.com/?submit.318588

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-4165
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261984. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/G3V15/modifyDhcpRule.md
https://vuldb.com/?ctiid.261984
https://vuldb.com/?id.261984
https://vuldb.com/?submit.318589

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-4166
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Affected by this vulnerability is the function sub_41E858. The manipulation of the argument GO/page leads to stack-based buffer overflow. The attack can be launched remotely. The identifier VDB-261985 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md
https://vuldb.com/?ctiid.261985
https://vuldb.com/?id.261985
https://vuldb.com/?submit.318981

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-4167
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md
https://vuldb.com/?ctiid.261986
https://vuldb.com/?id.261986
https://vuldb.com/?submit.318983

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-4168
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-261987. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_4260F0.md
https://vuldb.com/?ctiid.261987
https://vuldb.com/?id.261987
https://vuldb.com/?submit.318987

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-4169
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda 4G300 1.01.42. It has been declared as critical. This vulnerability affects the function sub_42775C/sub_4279CC. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-261988. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_42775C.md
https://vuldb.com/?ctiid.261988
https://vuldb.com/?id.261988
https://vuldb.com/?submit.318988

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

21. CVE-2024-4170
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md
https://vuldb.com/?ctiid.261989
https://vuldb.com/?id.261989
https://vuldb.com/?submit.318991

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

22. CVE-2024-4024
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/452426

CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found

23. CVE-2024-4171
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromWizardHandle.md
https://vuldb.com/?ctiid.261990
https://vuldb.com/?id.261990
https://vuldb.com/?submit.318995

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

24. CVE-2024-22373
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935

CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found

25. CVE-2024-22391
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.5
Description: A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924

CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found

26. CVE-2023-6596
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for OpenShift Containers.
References: https://access.redhat.com/errata/RHSA-2024:0485
https://access.redhat.com/errata/RHSA-2024:0682
https://access.redhat.com/security/cve/CVE-2023-6596
https://bugzilla.redhat.com/show_bug.cgi?id=2253521

CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found

27. CVE-2024-1139
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
References: https://access.redhat.com/security/cve/CVE-2024-1139
https://bugzilla.redhat.com/show_bug.cgi?id=2262158

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

28. CVE-2024-1657
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.
References: https://access.redhat.com/errata/RHSA-2024:1057
https://access.redhat.com/security/cve/CVE-2024-1657
https://bugzilla.redhat.com/show_bug.cgi?id=2265085

CWE-ID: CWE-1385
Common Platform Enumerations (CPE): Not Found

29. CVE-2024-28240
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on Windows via MSI packaging can allow a local user to cause denial of agent service by replacing the GLPI server URL with a wrong URL or disabling the service. Additionally, when the Deploy task is installed, a local malicious user can trigger privilege escalation by configuring a malicious server that provides its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit the GLPI-Agent related key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and add a `SystemComponent` DWORD value set to `1` to hide GLPI-Agent from installed applications.
References: https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f
https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

30. CVE-2024-28241
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or the DLLs it uses to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder, which is automatically secured by the system.
References: https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9
https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

31. CVE-2024-3622
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance.
References: https://access.redhat.com/security/cve/CVE-2024-3622
https://bugzilla.redhat.com/show_bug.cgi?id=2274400

CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found

32. CVE-2024-3623
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.
References: https://access.redhat.com/security/cve/CVE-2024-3623
https://bugzilla.redhat.com/show_bug.cgi?id=2274404

CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found

33. CVE-2024-3624
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database.
References: https://access.redhat.com/security/cve/CVE-2024-3624
https://bugzilla.redhat.com/show_bug.cgi?id=2274407

CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found

34. CVE-2024-3625
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance.
References: https://access.redhat.com/security/cve/CVE-2024-3625
https://bugzilla.redhat.com/show_bug.cgi?id=2274408

CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found

35. CVE-2022-36028
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the `return_to` cookie. Version 2.13.0 contains a patch for the issue.

References: https://github.com/bigbluebutton/greenlight/commit/20fe1ee71b5703fcc4ed698a959ad224fed19623
https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403ba

CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found

36. CVE-2022-36029
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the `return_to` cookie. Version 2.13.0 contains a patch for the issue.

References: https://github.com/bigbluebutton/greenlight/commit/20fe1ee71b5703fcc4ed698a959ad224fed19623
https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403ba

CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found

37. CVE-2024-0916
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.

References: https://github.com/uvdesk/core-framework/pull/706
https://pentraze.com/vulnerability-reports/

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
