CVE-2021-41090 – Instance config inline secret exposure
https://notcve.org/view.php?id=CVE-2021-41090
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at `/-/config` and metrics instance configs defined for the scraping service are exposed at `/agent/api/v1/configs/:key`. Inline secrets will be exposed to anyone being able to reach these endpoints. If HTTPS with client authentication is not configured, these endpoints are accessible to unauthenticated users. Secrets found in these sections are used for delivering metrics to a Prometheus Remote Write system, authenticating against a system for discovering Prometheus targets, and authenticating against a system for collecting metrics. • https://github.com/grafana/agent/commit/af7fb01e31fe2d389e5f1c36b399ddc46b412b21 https://github.com/grafana/agent/pull/1152 https://github.com/grafana/agent/releases/tag/v0.20.1 https://github.com/grafana/agent/releases/tag/v0.21.2 https://github.com/grafana/agent/security/advisories/GHSA-9c4x-5hgq-q3wh https://security.netapp.com/advisory/ntap-20211229-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVE-2021-34800 – Sensitive information could be logged
https://notcve.org/view.php?id=CVE-2021-34800
Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147 Podría registrarse información confidencial. Los siguientes productos están afectados: Acronis Agent (Windows, Linux, macOS) versiones anteriores a la compilación 27147 • https://security-advisory.acronis.com/advisories/SEC-3145 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2021-31847 – Improper privilege management in repair process of MA for Windows
https://notcve.org/view.php?id=CVE-2021-31847
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. Una vulnerabilidad de control de acceso inapropiado en el proceso de reparación de McAfee Agent para Windows versiones anteriores a 5.7.4, podría permitir a un atacante local llevar a cabo un ataque de precarga de DLL usando DLL sin firmar. Esto daría lugar a una elevación de privilegios y a la posibilidad de ejecutar código arbitrario como usuario del sistema, al no proteger correctamente un directorio temporal usado en el proceso de reparación y no comprobar la firma de la DLL This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. • https://kc.mcafee.com/corporate/index?page=content&id=SB10369 https://www.zerodayinitiative.com/advisories/ZDI-21-1104 • CWE-269: Improper Privilege Management CWE-347: Improper Verification of Cryptographic Signature CWE-427: Uncontrolled Search Path Element •
CVE-2021-31839 – Incorrect permissions on McAfee Agent for Windows event folder
https://notcve.org/view.php?id=CVE-2021-31839
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. Una vulnerabilidad de gestión de privilegios inapropiada en McAfee Agent para Windows anterior a versión 5.7.3 permite a un usuario local modificar la información de eventos en la carpeta de eventos de MA. Esto permite a un usuario local añadir eventos falsos o eliminar eventos de los registros de eventos antes de que se envíen al servidor de ePO • https://kc.mcafee.com/corporate/index?page=content&id=SB10362 • CWE-269: Improper Privilege Management •
CVE-2021-1257 – Cisco DNA Center Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2021-1257
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. • https://kc.mcafee.com/corporate/index?page=content&id=SB10382 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-csrf-dC83cMcV • CWE-352: Cross-Site Request Forgery (CSRF) •