In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between November 17-18, 2024.
During this period, the National Vulnerability Database published 11 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 1
High: 4
Medium: 2
Low: 1
Severity Not Assigned: 3
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-52867
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 6.0
Description: guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.
References: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=5ab3c4c1e43ebb637551223791db0ea3519986e1
https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2020-25720
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
References: https://access.redhat.com/security/cve/CVE-2020-25720
https://bugzilla.redhat.com/show_bug.cgi?id=2305954
CWE-ID: CWE-264
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-4639
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
References: https://access.redhat.com/errata/RHSA-2024:1674
https://access.redhat.com/errata/RHSA-2024:1675
https://access.redhat.com/errata/RHSA-2024:1676
https://access.redhat.com/errata/RHSA-2024:1677
https://access.redhat.com/errata/RHSA-2024:2763
https://access.redhat.com/errata/RHSA-2024:2764
https://access.redhat.com/errata/RHSA-2024:3919
https://access.redhat.com/security/cve/CVE-2023-4639
https://bugzilla.redhat.com/show_bug.cgi?id=2166022
CWE-ID: CWE-444
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-0793
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
References: https://access.redhat.com/errata/RHSA-2024:0741
https://access.redhat.com/errata/RHSA-2024:1267
https://access.redhat.com/security/cve/CVE-2024-0793
https://bugzilla.redhat.com/show_bug.cgi?id=2214402
https://github.com/openshift/kubernetes/pull/1876
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-43091
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2239091
https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea
https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found