101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl is the oldest Polish Mastodon server. We allow posts of up to 2048 characters.

#cve2024

Debby<p>🐍 Exciting news for Python enthusiasts! Check out "python strikes again" by Low Level! In this video, they dive into CVE-2024-48990 and explore how the needrestart program can automatically restart outdated packages. Don't miss it! Watch here: <a href="https://youtu.be/CDtIS8XaJDY" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/CDtIS8XaJDY</span><span class="invisible"></span></a> or Invidious: <a href="https://invidious.reallyaweso.me/watch?v=CDtIS8XaJDY" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">invidious.reallyaweso.me/watch</span><span class="invisible">?v=CDtIS8XaJDY</span></a> <a href="https://hear-me.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://hear-me.social/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a> <a href="https://hear-me.social/tags/LowLevel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LowLevel</span></a> <a href="https://hear-me.social/tags/Programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Programming</span></a> <a href="https://hear-me.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:<p><strong>High-Impact Security Vulnerabilities in Firefox 128</strong></p><p><strong>Date</strong>: July 9, 2024<br><strong>CVE</strong>: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615<br><strong>Vulnerability Type</strong>: <a href="https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting/tapjacking" rel="nofollow noopener" target="_blank">Tapjacking</a><br><strong>CWE</strong>: CWE-451, CWE-922<br><strong>Sources</strong>: <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/" rel="nofollow noopener" target="_blank">Mozilla Security Advisory</a></p><p><strong>Synopsis</strong></p><p>Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.</p><p>A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:</p><ol><li><strong>CVE-2024-6605</strong>: Firefox Android missed activation delay to prevent tapjacking (High) </li><li><strong>CVE-2024-6606</strong>: Out-of-bounds read in clipboard component (High)</li><li><strong>CVE-2024-6607</strong>: Leaving pointerlock by pressing the escape key could be prevented (Moderate)</li><li><strong>CVE-2024-6608</strong>: Cursor could be moved out of the viewport using pointerlock (Moderate)</li><li><strong>CVE-2024-6609</strong>: Memory corruption in NSS (Moderate)</li><li><strong>CVE-2024-6610</strong>: Form validation popups could block exiting full-screen mode (Moderate)</li><li><strong>CVE-2024-6600</strong>: Memory corruption in WebGL API (Moderate)</li><li><strong>CVE-2024-6601</strong>: Race condition in permission 
assignment (Moderate)</li><li><strong>CVE-2024-6602</strong>: Memory corruption in NSS (Moderate)</li><li><strong>CVE-2024-6603</strong>: Memory corruption in thread creation (Moderate)</li><li><strong>CVE-2024-6611</strong>: Incorrect handling of SameSite cookies (Low)</li><li><strong>CVE-2024-6612</strong>: CSP violation leakage when using devtools (Low)</li><li><strong>CVE-2024-6613</strong>: Incorrect listing of stack frames (Low)</li><li><strong>CVE-2024-6614</strong>: Incorrect listing of stack frames (Low)</li><li><strong>CVE-2024-6604</strong>: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)</li><li><strong>CVE-2024-6615</strong>: Memory safety bugs fixed in Firefox 128 (High)</li></ol><p><strong>Issue Summary</strong></p><p>Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notably, these include CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, related to memory corruption in the NSS library.</p><p><strong>Technical Key Findings</strong></p><p>CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.</p><p><strong>Vulnerable Products</strong></p><ul><li>Firefox versions prior to 128</li><li>Firefox ESR versions prior to 115.13</li><li>Firefox Android versions prior to 128</li></ul><p><strong>Impact Assessment</strong></p><p>If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. 
These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.</p><p><strong>Patches or Workaround</strong></p><p>Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.</p><p><strong>Tags</strong></p><p><a href="https://infosec.exchange/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-6605 <a href="https://infosec.exchange/tags/Tapjacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tapjacking</span></a> <a href="https://infosec.exchange/tags/SecurityUpdate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityUpdate</span></a> <a href="https://infosec.exchange/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/MemoryCorruption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemoryCorruption</span></a> <a href="https://infosec.exchange/tags/OutOfBoundsRead" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OutOfBoundsRead</span></a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>" <a href="https://infosec.exchange/tags/CiscoVuln" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CiscoVuln</span></a> Alert 🚨 CVE-2024-20338 Strikes Cisco Secure Client for Linux 🐧💥"</p><p>A newly disclosed vulnerability, CVE-2024-20338, with a CVSS score of 7.3, targets the Cisco Secure Client for Linux, specifically the ISE Posture Module. This critical flaw allows local attackers to potentially execute arbitrary code with root privileges due to an uncontrolled search path element. Cisco has promptly issued an update to patch this security loophole. Kudos to Ivan Agarkov of Wargaming for the find! Stay vigilant and update ASAP! 🛡️✅</p><p>Tags: <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cisco</span></a> <a href="https://infosec.exchange/tags/LinuxSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LinuxSecurity</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a> <a href="https://infosec.exchange/tags/UpdateNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UpdateNow</span></a></p><p><a href="https://www.auscert.org.au/bulletins/ESB-2024.1448/" rel="nofollow noopener" target="_blank">Source</a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"🚨 Urgent TeamCity Vulnerabilities Alert! Patch Now! 🚨"</p><p>JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 🛡️💻</p><p>🔗 Source: <a href="https://www.bleepingcomputer.com/news/security/exploit-available-for-new-critical-teamcity-auth-bypass-bug-patch-now/" rel="nofollow noopener" target="_blank">BleepingComputer</a></p><p>Tags: <a href="https://infosec.exchange/tags/JetBrains" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JetBrains</span></a> <a href="https://infosec.exchange/tags/TeamCity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TeamCity</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/VulnerabilityAlert" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityAlert</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-27198 <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-27199 <a href="https://infosec.exchange/tags/Rapid7" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rapid7</span></a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>PatchNow</span></a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://infosec.exchange/tags/AuthenticationBypass" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AuthenticationBypass</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a></p><p>🌍🔐👥</p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"🚨 Critical Security Alert: HikCentral Professional Vulnerabilities Exposed 🚨"</p><p>Hikvision's latest advisory reveals severe vulnerabilities in HikCentral Professional, identified by Michael Dubell and Abdulazeez Omar. CVE-2024-25063 and CVE-2024-25064, with CVSS scores of 7.5 and 4.3 respectively, highlight risks of unauthorized access due to insufficient server-side validation. Users are urged to upgrade to versions above V2.5.1 for enhanced security. Stay vigilant and prioritize updating to safeguard your systems! 🛡️💻🔐</p><p>CVE Summaries:</p><ul><li>CVE-2024-25063: Attackers could exploit server validation flaws to access restricted URLs, compromising confidentiality.</li><li>CVE-2024-25064: Authenticated users could manipulate parameters to access unauthorized resources, posing a lower risk.</li></ul><p>Source: <a href="https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-professional/" rel="nofollow noopener" target="_blank">Hikvision Security Advisory</a></p><p>Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Hikvision" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hikvision</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-25063 <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-25064 <a href="https://infosec.exchange/tags/ServerSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ServerSecurity</span></a> <a 
href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/PatchManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchManagement</span></a> 🌍🔒💡</p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"⚔️ Cutting Edge Cyber Espionage: Ivanti Zero-Days Under Siege by UNC5325 ⚔️"</p><p><a href="https://infosec.exchange/tags/Mandiant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mandiant</span></a> &amp; <a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a>'s latest investigation unveils a sophisticated cyber-espionage campaign targeting Ivanti Connect Secure VPN appliances. <a href="https://infosec.exchange/tags/UNC5325" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5325</span></a>, a China-nexus group, exploited a series of zero-day vulnerabilities, including CVE-2024-21893, to deploy novel malware and evade detection. Despite efforts, their persistence mechanisms faltered due to encryption key mismatches. 🛡️🔐</p><p>A new Integrity Checking Tool (ICT) is available for Ivanti customers, emphasizing the urgency of updating and patching network appliances. The exploitation showcases advanced techniques, including LotL and custom malware like LITTLELAMB.WOOLTEA, highlighting the importance of robust cyber defenses.</p><p>Ivanti disclosed five critical vulnerabilities, with <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2024-21893 and <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2024-22024 posing significant risks. 
The SSRF and XXE vulnerabilities enable attackers to bypass security measures and access restricted resources, underscoring the need for immediate remediation.</p><p>Attribution to <a href="https://infosec.exchange/tags/UNC5325" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5325</span></a> ties this campaign to China, with tactics, techniques, and malware indicating a high level of sophistication. This operation's breadth and depth signal a continued threat from state-sponsored actors against critical network infrastructure.</p><p>Let's ensure our defenses are updated and vigilant against these evolving threats. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://infosec.exchange/tags/UNC5325" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5325</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a> <a href="https://attack.mitre.org/groups/G0096/" rel="nofollow noopener" target="_blank">Mitre - UNC5325</a> <a href="https://infosec.exchange/tags/UNC3886" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC3886</span></a></p><p>Source: Mandiant Team - <a href="https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence" rel="nofollow noopener" target="_blank">Investigating Ivanti Exploitation &amp; Persistence</a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"🚨 Critical Vulnerability Alert: ConnectWise ScreenConnect Under Attack! 🚨"</p><p>Sophos researchers have unveiled a situation for users of ConnectWise ScreenConnect, detailing how CVE-2024-1709 and CVE-2024-1708 vulnerabilities are being exploited to deliver malware, including the notorious LockBit ransomware. These vulnerabilities open the door for attackers to execute arbitrary code and take control of unpatched systems. </p><p>ConnectWise ScreenConnect, a remote access software, has vulnerabilities being exploited by hackers to deliver malware, including ransomware, to businesses. Critical vulnerabilities allow unauthorized access and command execution. It's essential to update ScreenConnect to version 23.9.8 or later to mitigate these risks. Cloud-hosted ScreenConnect users are safe, but on-premise versions need manual updates. </p><p>To protect your organization from specific security weaknesses in ScreenConnect software, follow these simplified steps:</p><ol><li>Find all ScreenConnect software in your network, including those managed by others. It's essential to know where it's installed to understand your risk.</li><li>Isolate or remove the ScreenConnect Client from devices until the server is securely updated or thoroughly checked. If you don't control the server, removing the client might be the best quick fix.</li><li>Examine devices with ScreenConnect for signs of hacking, like new unknown user accounts, strange software behavior, and attempts to disable security features.</li><li>If you find anything suspicious, start your incident response plan to tackle the issue and prevent further damage. Specifically, look for indicators of two main vulnerabilities (CVE-2024-1709 &amp; CVE-2024-1708) by examining server versions, IP connections, and unexpected file presence, which could show a breach. 
🛡️💻🔐</li></ol><p>Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/ConnectWiseScreenConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectWiseScreenConnect</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/LockBit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LockBit</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-1709 <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-1708 <a href="https://infosec.exchange/tags/UpdateNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UpdateNow</span></a> <a href="https://infosec.exchange/tags/StaySecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StaySecure</span></a></p><p>Source: <a href="https://news.sophos.com/en-us/2024/02/23/connectwise-screenconnect-attacks-deliver-malware/" rel="nofollow noopener" target="_blank">Sophos News</a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"⚠️ Critical EoP Flaw in Microsoft Exchange Server ⚠️"</p><p>A Critical Elevation of Privilege (EoP) vulnerability, CVE-2024-21410, in the Microsoft Exchange Server, demands immediate attention. Rated 9.8 on the CVSSv3 scale and tagged "Exploitation More Likely," this flaw could let attackers use NTLMv2 hashes for relay or pass-the-hash attacks. Exchange Server versions up to 2019 CU14 lack NTLM Relay Protection by default. Microsoft advises enabling this protection via a provided script that can be found in Microsoft’s advisory and urges installation of the latest update as a defense measure. </p><p>While CVE-2024-21410 remains unexploited for now AFAIK, its potential risk cannot be underestimated. </p><p>Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/MicrosoftExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftExchange</span></a> <a href="https://infosec.exchange/tags/EoPVulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EoPVulnerability</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-21410 <a href="https://infosec.exchange/tags/PatchManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchManagement</span></a> <a href="https://infosec.exchange/tags/NTLMRelay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NTLMRelay</span></a> <a href="https://infosec.exchange/tags/ThreatPrevention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatPrevention</span></a> 🛡️💻🔐</p><p>Source: <a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21410" rel="nofollow noopener" target="_blank">Microsoft 
Advisory</a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"⚠️ Windows SmartScreen Bypass Alert: CVE-2024-21351 Unveiled 🔓"</p><p>A new vulnerability, CVE-2024-21351, exposes a security feature bypass in Windows SmartScreen, enabling attackers to execute arbitrary code by tricking users into opening a malicious file. This flaw, with a CVSS score of 7.6, follows the previously patched CVE-2023-36025, indicating a method to circumvent Microsoft's efforts in securing its SmartScreen feature. Attackers exploit this vulnerability actively in the wild, despite Microsoft's release of an official fix. </p><p>Technical breakdown: CVE-2024-21351 allows code injection into SmartScreen, bypassing protections and potentially leading to data exposure or system unavailability. Cybersecurity professionals must understand the attack vector, which requires social engineering to convince a user to open a malicious file.</p><p>Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/WindowsSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowsSecurity</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a>-21351 <a href="https://infosec.exchange/tags/SmartScreenBypass" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SmartScreenBypass</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchNow</span></a> <a href="https://infosec.exchange/tags/InfoSecCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSecCommunity</span></a> <a 
href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> 🛡️💻🔧</p><p>Mitre CVE Summary: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21351" rel="nofollow noopener" target="_blank">CVE-2024-21351</a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"🚨 Multiple issues in Jenkins, an open-source automation server that is widely used in software development 🐛🔧"</p><p>Jenkins, a popular automation server, has a vulnerability in its command line interface (CLI). This issue stems from the args4j library's feature that replaces an "@" character followed by a file path with the contents of that file. This feature, enabled by default in Jenkins versions up to 2.441 and LTS 2.426.2, allows attackers to read files on the Jenkins controller's file system. Users with "Overall/Read" permission can read entire files, while those without this permission can read the first few lines, depending on the CLI commands available.</p><p>The vulnerability also extends to binary files, including cryptographic keys, albeit with some limitations. Various attack vectors have been identified, exploiting this flaw to achieve remote code execution or other malicious objectives. These include manipulating the "Resource Root URL" functionality, forging "Remember me" cookies, conducting stored cross-site scripting (XSS) attacks through build logs, bypassing CSRF protection, decrypting secrets stored in Jenkins, deleting items, and downloading Java heap dumps. 
These attacks rely on specific conditions, such as the ability to retrieve binary secrets, access to Jenkins's web session ID, and the attacker's knowledge or guesswork about user names with "Overall/Read" permission.</p><p>🚨💻</p><p>Key vulnerabilities include:</p><ul><li>CVE-2024-23897: Arbitrary file read vulnerability through the CLI can lead to RCE</li><li>CVE-2024-23899: Git server Plugin allowing file content exposure that can lead to RCE.</li><li>CVE-2024-23900: Matrix Project Plugin with user-defined axis names issues.</li><li>CVE-2024-23901 &amp; CVE-2024-23902: GitLab Branch Source Plugin with risks of crafted Pipeline builds and CSRF vulnerabilities.</li><li>CVE-2024-23903: Potential for webhook token theft in GitLab Branch Source Plugin.</li><li>CVE-2023-6147 &amp; CVE-2023-6148: Qualys Policy Compliance Scanning Connector Plugin with XSS and XXE vulnerabilities.</li></ul><p>🔐 Recommended actions:</p><ul><li>Update Git server Plugin to version 99.101.v720e86326c09 or later.</li><li>Update GitLab Branch Source Plugin to version 688.v5fa_356ee8520 or later.</li><li>Update Matrix Project Plugin to version 822.824.v14451b_c0fd42 or later.</li><li>Update Qualys Policy Compliance Scanning Connector Plugin to version 1.0.6 or later.</li><li>For detailed mitigation steps, see Jenkins' advisory: <a href="https://jenkins.io/security/advisory/2024-01-24/" rel="nofollow noopener" target="_blank">Jenkins Security Advisory</a>.</li></ul><p>Stay alert and ensure your Jenkins environment is up-to-date! 
🛡️💡</p><p>Sources: <a href="https://jenkins.io/security/advisory/2024-01-24/" rel="nofollow noopener" target="_blank">Jenkins Security Advisory</a> and <a href="https://www.tenable.com/plugins/pipeline/issues/164582" rel="nofollow noopener" target="_blank">Tenable</a></p><p>Tags: <a href="https://infosec.exchange/tags/Jenkins" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Jenkins</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/CVE2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2024</span></a> <a href="https://infosec.exchange/tags/CyberThreat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreat</span></a> <a href="https://infosec.exchange/tags/PluginSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PluginSecurity</span></a> <a href="https://infosec.exchange/tags/UpdateNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UpdateNow</span></a> 🚀👨‍💻🛠️</p>
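
An added example, not part of the post above and not Jenkins or args4j code: a simplified Python model of the "@"-file argument expansion the Jenkins post describes, beside the same parser with the expansion switched off, plus a triage helper for recorded CLI invocations. The function names, the `allow_at_syntax` flag, the sample file and the invocation records are assumptions constructed for illustration.

```python
import os
import tempfile


def parse_args(args, allow_at_syntax):
    """Return the argument list a command handler would receive.

    allow_at_syntax=True models the default the post describes: an argument
    of the form '@<path>' is replaced by the lines of that file.
    allow_at_syntax=False is the hardened form: '@<path>' stays a literal.
    """
    parsed = []
    for arg in args:
        if allow_at_syntax and len(arg) > 1 and arg.startswith("@"):
            # The parser, not the caller, opens the path, so the read happens
            # with the privileges of the process that parses the command line.
            with open(arg[1:], encoding="utf-8", errors="replace") as handle:
                parsed.extend(handle.read().splitlines())
        else:
            parsed.append(arg)
    return parsed


def flag_at_arguments(invocations):
    """Triage helper: list (user, argument) pairs whose argument starts with '@'."""
    hits = []
    for user, args in invocations:
        hits.extend((user, a) for a in args if len(a) > 1 and a.startswith("@"))
    return hits


def demo():
    # Constructed sample: a temporary file stands in for a server-side file.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "server-side.txt")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("first line\nsecond line\n")
        request = ["some-command", "@" + path]
        default = parse_args(request, allow_at_syntax=True)
        hardened = parse_args(request, allow_at_syntax=False)

    # Constructed invocation records (user, argument list); this is an
    # assumed shape for illustration, not a Jenkins log format.
    records = [
        ("alice", ["other-command"]),
        ("anonymous", ["some-command", "@/placeholder/path"]),
        ("bob", ["other-command", "-p", "owner=bob@example.org"]),
    ]
    return default, hardened, flag_at_arguments(records)


if __name__ == "__main__":
    default, hardened, hits = demo()
    print("default :", default)
    print("hardened:", hardened)
    print("flagged :", hits)
```

With expansion on, the handler receives the file's lines as its arguments; with it off, the handler receives the literal `@...` string and no file is opened.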