CVE-2018-1273 – VMware Tanzu Spring Data Commons Property Binder Vulnerability
https://notcve.org/view.php?id=CVE-2018-1273
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. Spring Data Commons, en versiones anteriores a las comprendidas entre la 1.13 y la 1.13.10 y entre la 2.0 y la 2.0.5 y versiones antiguas no soportadas, contiene una vulnerabilidad Property Binder debido a una neutralización incorrecta de los elementos especiales. Un usuario (o atacante) remoto no autenticado puede pasar parámetros de petición especialmente manipulados contra los recursos HTTP respaldados con datos REST de Spring o utilizar el hat de vinculación de la carga útil de la petición basada en la proyección para permitir un ataque de ejecución remota de código. Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution. • https://github.com/knqyf263/CVE-2018-1273 http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E https://pivotal.io/security/cve-2018-1273 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2016-6658
https://notcve.org/view.php?id=CVE-2016-6658
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials. Applications en cf-release, en versiones anteriores a la 245, puede configurarse e insertarse con un buildpack personalizado proporcionado por el usuario mediante una URL que señale al buildpack. • https://pivotal.io/security/cve-2016-6658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1231
https://notcve.org/view.php?id=CVE-2018-1231
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH. Cloud Foundry BOSH CLI, en versiones anteriores a la v3.0.1, contiene una vulnerabilidad de control de acceso incorrecto. Un usuario con acceso a una instancia que utilice BOSH CLI puede acceder al archivo de configuración de BOSH CLI y utilizar sus contenidos para realizar peticiones autenticadas a BOSH. • https://www.cloudfoundry.org/blog/cve-2018-1231 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-1230
https://notcve.org/view.php?id=CVE-2018-1230
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. Pivotal Spring Batch Admin, en todas las versiones, no contiene protección contra Cross-Site Request Forgery (CSRF). Un usuario remoto no autenticado podría manipular un sitio malicioso que ejecute peticiones a Spring Batch Admin. • http://www.securityfocus.com/bid/103463 https://pivotal.io/security/cve-2018-1230 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-1229
https://notcve.org/view.php?id=CVE-2018-1229
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life. Pivotal Spring Batch Admin, en todas las versiones, contiene una vulnerabilidad Cross-Site Scripting (XSS) persistente en la característica de subida de archivos. Un usuario malicioso no autenticado con acceso de red a Spring Batch Admin podría almacenar un script web arbitrario que sería ejecutado por otros usuarios. • http://www.securityfocus.com/bid/103462 https://pivotal.io/security/cve-2018-1229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •