CVE-2023-46218 – curl: information disclosure by exploiting a mixed case flaw
https://notcve.org/view.php?id=CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example, a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
• https://curl.se/docs/CVE-2023-46218.html
• https://hackerone.com/reports/2212193
• https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD
• https://security.netapp.com/advisory/ntap-20240125-0007
• https://www.debian.org/security/2023/dsa-5587
• https://access.redhat
• CWE-201: Insertion of Sensitive Information Into Sent Data
CVE-2023-6271 – Backup Migration Staging < 1.3.6 - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6271
The Backup Migration WordPress plugin before 1.3.6 stores in-progress backup information in easy-to-find, publicly accessible files, which may allow attackers monitoring those files to leak sensitive information from the site's backups. The Backup Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5. This makes it possible for unauthenticated attackers to extract database backups, leading to the potential for a complete site takeover.
• https://research.cleantalk.org/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit
• https://wpscan.com/vulnerability/7ac217db-f332-404b-a265-6dc86fe747b9
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-49096 – Argument Injection in FFmpeg codec parameters in Jellyfin
https://notcve.org/view.php?id=CVE-2023-49096
Without an additional information leak, this vulnerability shouldn't be directly exploitable, even if the instance is reachable from the Internet.
• https://cwe.mitre.org/data/definitions/88.html
• https://en.wikipedia.org/wiki/Pass_the_hash
• https://ffmpeg.org/ffmpeg-filters.html#drawtext-1
• https://github.com/jellyfin/jellyfin/commit/a656799dc879d16d21bf2ce7ad412ebd5d45394a
• https://github.com/jellyfin/jellyfin/issues/5415
• https://github.com/jellyfin/jellyfin/security/advisories/GHSA-866x-wj5j-2vf4
• CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2023-5711 – System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)
https://notcve.org/view.php?id=CVE-2023-5711
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7.
• https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L1925
• https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L1932
• https://www.wordfence.com/threat-intel/vulnerabilities/id/17bc3a9f-2bf9-44e3-81ef-bfa932085da9?source=cve
• CWE-862: Missing Authorization
CVE-2023-5713 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)
https://notcve.org/view.php?id=CVE-2023-5713
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7.
• https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L6341
• https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L6357
• https://www.wordfence.com/threat-intel/vulnerabilities/id/e9d1a33b-2518-48f7-90b6-a94a34473d1e?source=cve
• CWE-862: Missing Authorization