CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30853 – Gradle Build Action data written to GitHub Actions Cache may expose secrets
https://notcve.org/view.php?id=CVE-2023-30853
This data stored in the GitHub Actions cache can be read by a GitHub Actions workflow running in an untrusted context, such as that running for a Pull Request submitted by a developer via a repository fork. This vulnerability was discovered internally through code review, and we have not seen any evidence of it being exploited in the wild. However, in addition to upgrading the Gradle Build Action, affected users should delete any potentially vulnerable cache entries and may choose to rotate any potentially affected secrets. Gradle Build Action v2.4.2 and newer no longer saves this sensitive data for later use, preventing ongoing leakage of secrets via the GitHub Actions Cache. While upgrading to the latest version of the Gradle Build Action will prevent leakage of secrets going forward, additional actions may be required due to current or previous GitHub Actions Cache entries containing this information. Current cache entries will remain vulnerable until they are forcibly deleted or they expire naturally after 7 days of not being used. ... Compromise could occur if a user runs a GitHub Actions workflow for a pull request attempting to exploit this data. Warning signs to look for in a pull request include: - Making changes to GitHub Actions workflow files in a way that may attempt to read/extract data from the Gradle User Home or `<project-root>/.gradle` directories. - Making changes to Gradle build files or other executable files that may be invoked by a GitHub Actions workflow, in a way that may attempt to read/extract information from these locations. Some workarounds to limit the impact of this vulnerability are available: - If the Gradle project does not opt-in to using the configuration cache, then it is not vulnerable. - If the Gradle project does opt-in to using the configuration-cache by default, then the `--no-configuration-cache` command-line argument can be used to disable this feature in a GitHub Actions workflow. In any case, we recommend that users carefully inspect any pull request before approving the execution of GitHub Actions workflows. • https://github.com/gradle/gradle-build-action/releases/tag/v2.4.2 https://github.com/gradle/gradle-build-action/security/advisories/GHSA-h3qr-39j9-4r5v • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2360
https://notcve.org/view.php?id=CVE-2023-2360
Sensitive information disclosure due to CORS misconfiguration. • https://security-advisory.acronis.com/advisories/SEC-4215 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-27557 – IBM Safter Payments information disclosure
https://notcve.org/view.php?id=CVE-2023-27557
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249192 https://www.ibm.com/support/pages/node/6985603 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27860 – IBM Maximo Asset Management information disclosure
https://notcve.org/view.php?id=CVE-2023-27860
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249207 https://www.ibm.com/support/pages/node/6985679 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2023-26243
https://notcve.org/view.php?id=CVE-2023-26243
The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. • https://sowhat.iit.cnr.it https://sowhat.iit.cnr.it:8443/can-work/chimaera https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf • CWE-668: Exposure of Resource to Wrong Sphere •