CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6763 – Jetty URI parsing of invalid authority
https://notcve.org/view.php?id=CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks. • https://github.com/jetty/jetty.project/pull/12012 https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh https://gitlab.eclipse.org/security/cve-assignement/-/issues/25 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-9823 – Jetty DOS vulnerability on DosFilter
https://notcve.org/view.php?id=CVE-2024-9823
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally. A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service. • https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h https://gitlab.eclipse.org/security/cve-assignement/-/issues/39 https://github.com/jetty/jetty.project/issues/1256 https://access.redhat.com/security/cve/CVE-2024-9823 https://bugzilla.redhat.com/show_bug.cgi?id=2318565 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8376 – Memory leak
https://notcve.org/view.php?id=CVE-2024-8376
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets. • https://github.com/eclipse/mosquitto/releases/tag/v2.0.19 https://gitlab.eclipse.org/security/cve-assignement/-/issues/26 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227 https://mosquitto.org https://github.com/eclipse-mosquitto/mosquitto/commit/1914 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-416: Use After Free CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9329 – Glassfish redirect to untrusted site
https://notcve.org/view.php?id=CVE-2024-9329
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. • https://github.com/eclipse-ee4j/glassfish/pull/25106 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232 • CWE-233: Improper Handling of Parameters •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9202 – EDC DataSetResolver policy filtering missing
https://notcve.org/view.php?id=CVE-2024-9202
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single dataset, which should be subject to the same filtering process, but currently is missing the correct filtering. This enables parties to potentially see datasets they should not have access to, thereby exposing sensitive information. Exploiting this vulnerability requires knowing the ID of a restricted dataset, but some IDs may be guessed by trying out many IDs in an automated way. Affected code: DatasetResolverImpl, L76-79 https://github.com/eclipse-edc/Connector/blob/v0.9.0/core/control-plane/control-plane-catalog/src/main/java/org/eclipse/edc/connector/controlplane/catalog/DatasetResolverImpl.java En las versiones 0.1.3 a 0.9.0 de Eclipse Dataspace Components, el componente Connector filtra qué conjuntos de datos (= ofertas de datos) puede ver otra parte en un catálogo solicitado, para garantizar que solo las partes autorizadas puedan ver las ofertas restringidas. Sin embargo, existe la posibilidad de solicitar un único conjunto de datos, que debería estar sujeto al mismo proceso de filtrado, pero que actualmente no tiene el filtrado correcto. Esto permite que las partes vean potencialmente conjuntos de datos a los que no deberían tener acceso, lo que expone información confidencial. Para explotar esta vulnerabilidad es necesario conocer el ID de un conjunto de datos restringido, pero algunos ID se pueden adivinar probando muchos ID de forma automática. • https://github.com/eclipse-edc/Connector/pull/4490 https://github.com/eclipse-edc/Connector/pull/4491 https://gitlab.eclipse.org/security/cve-assignement/-/issues/35 • CWE-862: Missing Authorization •