CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31159 – Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
https://notcve.org/view.php?id=CVE-2022-31159
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the `downloadDirectory` method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the `destinationDirectory` argument, but S3 object keys are determined by the application that uploaded the objects. The `downloadDirectory` method allows the caller to pass a filesystem object in the object key but contained an issue in the validation logic for the key name. A knowledgeable actor could bypass the validation logic by including a UNIX double-dot in the bucket key. • https://github.com/aws/aws-sdk-java/security/advisories/GHSA-c28r-hw5m-5gv3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31115 – Unsafe YAML deserialization in opensearch-ruby
https://notcve.org/view.php?id=CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. • https://github.com/opensearch-project/opensearch-ruby/pull/77 https://github.com/opensearch-project/opensearch-ruby/security/advisories/GHSA-977c-63xq-cgw3 https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33915
https://notcve.org/view.php?id=CVE-2022-33915
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. Las versiones del paquete hotpatch de Amazon AWS Apache Log4j anteriores a log4j-cve-2021-44228-hotpatch-1.3.5, están afectadas por una condición de carrera que podría conllevar a una escalada de privilegios local. • https://alas.aws.amazon.com/AL2/ALAS-2022-1806.html https://alas.aws.amazon.com/ALAS-2022-1601.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1830 – Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2022-1830
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping El plugin Amazon Einzeltitellinks de WordPress versiones hasta 1.3.3, no presenta una comprobación de tipo CSRF cuando actualiza sus ajustes, lo que podría permitir a atacantes hacer que un administrador conectado los cambie por medio de un ataque de tipo CSRF y conllevar a un ataque de tipo Cross-Site Scripting Almacenado debido a una falta de saneo y escape • https://wpscan.com/vulnerability/a6b3e927-41e2-4e48-b9e1-8c58a1b9a933 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1645 – Amazon Link <= 3.2.10 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1645
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. El plugin Amazon Link de WordPress versiones hasta 3.2.10, no sanea y escapa de algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la función unfiltered_html está deshabilitada • https://wpscan.com/vulnerability/915b7d79-f9dd-451d-bf8f-6d14ec3e67d2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •