CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23321 – Apache RocketMQ: Unauthorized Exposure of Sensitive Data
https://notcve.org/view.php?id=CVE-2024-23321
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list. To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0. Para las versiones 5.2.0 y anteriores de RocketMQ, bajo ciertas condiciones, existe el riesgo de exposición de información confidencial a un actor no autorizado incluso si RocketMQ está habilitado con funciones de autenticación y autorización. Un atacante que posea privilegios de usuario habituales o que esté incluido en la lista blanca de IP podría adquirir la cuenta y la contraseña del administrador a través de interfaces específicas. • http://www.openwall.com/lists/oss-security/2024/07/22/1 https://lists.apache.org/thread/lr8npobww786nrnddd1pcy974r17c830 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 80%CPEs: 2EXPL: 1CVE-2024-41107 – Apache CloudStack: SAML Signature Exclusion
https://notcve.org/view.php?id=CVE-2024-41107
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue. La autenticación SAML de CloudStack (deshabilitada de forma predeterminada) no exige la verificación de firmas. En entornos de CloudStack donde la autenticación SAML está habilitada, un atacante que inicia la autenticación de inicio de sesión único SAML de CloudStack puede omitir la autenticación SAML enviando una respuesta SAML falsificada sin firma y con un nombre de usuario conocido o adivinado y otros detalles de usuario de un usuario de CloudStack habilitado para SAML. cuenta. • https://github.com/d0rb/CVE-2024-41107 http://www.openwall.com/lists/oss-security/2024/07/19/1 http://www.openwall.com/lists/oss-security/2024/07/19/2 https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107 https://github.com/apache/cloudstack/issues/4519 https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3 https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41172 – Apache CXF: Unrestricted memory consumption in CXF HTTP clients
https://notcve.org/view.php?id=CVE-2024-41172
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory En las versiones de Apache CXF anteriores a 3.6.4 y 4.0.5 (las versiones 3.5.x y inferiores no se ven afectadas), un conducto de cliente HTTP de CXF puede impedir que las instancias de HTTPClient se recopilen como basura y es posible que el consumo de memoria continúe aumentando eventualmente causando que la aplicación se quede sin memoria. A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory. • https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 https://access.redhat.com/security/cve/CVE-2024-41172 https://bugzilla.redhat.com/show_bug.cgi?id=2298829 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29736 – Apache CXF: SSRF vulnerability via WADL stylesheet parameter
https://notcve.org/view.php?id=CVE-2024-29736
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured. Una vulnerabilidad SSRF en la descripción del servicio WADL en versiones de Apache CXF anteriores a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar ataques de estilo SSRF en servicios web REST. El ataque sólo se aplica si se configura un parámetro de hoja de estilo personalizado. A Server-side request forgery (SSRF) vulnerability was found in Apache CXF in the WADL service description. • https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2 https://access.redhat.com/security/cve/CVE-2024-29736 https://bugzilla.redhat.com/show_bug.cgi?id=2298827 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29178 – Apache StreamPark: FreeMarker SSTI RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-29178
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 En versiones anteriores a la 2.1.4, un usuario podía iniciar sesión y realizar un ataque de inyección de plantilla que generaba una ejecución remota de código en el servidor. El atacante debía iniciar sesión correctamente en el sistema para lanzar un ataque, por lo que se trata de una vulnerabilidad de impacto moderado. Mitigación: todos los usuarios deben actualizar a 2.1.4 • http://www.openwall.com/lists/oss-security/2024/07/18/1 https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn • CWE-94: Improper Control of Generation of Code ('Code Injection') •