![]() ![]() ![]() For more details see the referenced GHSL-2021-065. This issue leads to post-authenticated remote code execution. ![]() Even though the sandbox heavily restricts the receiver types to a small set of allowed types, the sandbox is non effective at controlling any code placed in Java annotations and therefore vulnerable to meta-programming escapes. The HTTP request parameter script is mapped to the APIBatchQueryMsg.script property and evaluated as a Groovy script in BatchQuery.query the evaluation of the user-controlled Groovy script is sandboxed by SandboxTransformer which will apply the restrictions defined in the registered sandbox.register GroovyInterceptor. Messages are represented by the APIBatchQueryMsg, dispatched to the QueryFacadeImpl facade and handled by the BatchQuery class. The REST API exposes the GET zstack/v1/batch-queries?script endpoint which is backed up by the BatchQueryAction class. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution RCE via bypass of the Groovy shell sandbox. ZStack is open source IaaS infrastructure as a service software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9 Rancher versions prior to 2.4.16. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16.Ī Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. XStream is a Java library to serialize objects to XML and back again. Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. An attacker can send a sequence of requests to trigger this vulnerability. A specially-crafted network request can lead to remote code execution. This vulnerability has been exploited in the wild.Ī path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.Īn authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |