2024-41 Java Security Weekly News - Red Hat, GitHub, Spring
Published on October 25, 2024
| | Red Hat Security Advisory |
| | Github Security Advisories |
| | [GHSA-cx95-q6gx-w4qp] SAK-50571 Sakai Kernel users created with type roleview can login as a normal user. org.sakaiproject.kernel:sakai-kernel-impl: impacts versions >= 23.0, < 23.3; fixed in 23.3 |
| | [GHSA-qh8g-58pp-2wxh] Eclipse Jetty URI parsing of invalid authority. org.eclipse.jetty:jetty-http: impacts versions >= 7.0.0, <= 12.0.11; fixed in 12.0.12 |
| | [GHSA-g8m5-722r-8whq] Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks. org.eclipse.jetty:jetty-server: impacts versions >= 12.0.0, <= 12.0.8, fixed in 12.0.9; >= 10.0.0, <= 10.0.23, fixed in 10.0.24; >= 11.0.0, <= 11.0.23, fixed in 11.0.24; >= 9.3.12, <= 9.4.55, fixed in 9.4.56 |
| | [GHSA-r7m4-f9h5-gr79] Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks. org.eclipse.jetty:jetty-servlets: impacts versions >= 10.0.0, <= 10.0.17, fixed in 10.0.18; >= 11.0.0, <= 11.0.17, fixed in 11.0.18; >= 12.0.0, <= 12.0.3, fixed in 12.0.4 |
| | [GHSA-xmmm-jw76-q7vg] One Time Passcode (OTP) is valid longer than expiration time. org.keycloak:keycloak-core: impacts versions < 24.0.7, fixed in 24.0.7; >= 25.0.0, < 25.0.4, fixed in 25.0.4 |
| | [GHSA-5rxp-2rhr-qwqv] Session fixation in Elytron SAML adapters. org.keycloak:keycloak-services: impacts versions <= 22.0.11, fixed in 22.0.12; >= 23.0.0, <= 24.0.6, fixed in 24.0.7; >= 25.0.0, < 25.0.5, fixed in 25.0.5 |
| | [GHSA-w8gr-xwp4-r9f7] Vulnerable Redirect URI Validation Results in Open Redirect. org.keycloak:keycloak-services: impacts versions <= 22.0.12, fixed in 22.0.13; >= 23.0.0, <= 24.0.7, fixed in 24.0.8; >= 25.0.0, <= 25.0.5, fixed in 25.0.6 |
| | [GHSA-xgfv-xpx8-qhcr] Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak. org.keycloak:keycloak-saml-core: impacts versions <= 22.0.12, fixed in 22.0.13; >= 23.0.0, <= 24.0.7, fixed in 24.0.8; >= 25.0.0, <= 25.0.5, fixed in 25.0.6 |
| | Spring Security Advisories |
| | Java CVEs |
| 8.8 | CVE-2024-10133 A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Saturday, October 19, 2024 |
| 8.8 | CVE-2024-10134 A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Saturday, October 19, 2024 |
| 8.8 | CVE-2024-10135 A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Saturday, October 19, 2024 |
| N/A | CVE-2024-10277 A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Wednesday, October 23, 2024 |
| N/A | CVE-2024-10278 A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Wednesday, October 23, 2024 |
| N/A | CVE-2024-10279 A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Wednesday, October 23, 2024 |
| N/A | CVE-2024-47883 The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, prior to version 1.2.6, if a `file:/` URL is directly given where a relative path (resource name) is expected, this is also accepted in some code paths; the app then fetches the file, from a remote machine if indicated, and uses it as if it was a trusted part of the app's codebase. This leads to multiple weaknesses and potential weaknesses. An attacker that has network access to the application could use it to gain access to files, either on the server's filesystem (path traversal) or shared by nearby machines (server-side request forgery with e.g. SMB). An attacker that can lead or redirect a user to a crafted URL belonging to the app could cause arbitrary attacker-controlled JavaScript to be loaded in the victim's browser (cross-site scripting). If an app is written in such a way that an attacker can influence the resource name used for a template, that attacker could cause the app to fetch and execute an attacker-controlled template (remote code execution). Version 1.2.6 contains a patch. Published Thursday, October 24, 2024 |
| N/A | CVE-2024-10376 A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument UniqueId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Friday, October 25, 2024 |
| N/A | CVE-2024-10377 A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2024-10069. The vendor was contacted early about this disclosure but did not respond in any way. Published Friday, October 25, 2024 |
| N/A | CVE-2024-10378 A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Friday, October 25, 2024 |
| N/A | CVE-2024-10379 A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way. Published Friday, October 25, 2024 |
