CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48279 – mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
https://notcve.org/view.php?id=CVE-2022-48279
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. En ModSecurity anterior a 2.9.6 y 3.x anterior a 3.0.8, las solicitudes HTTP multiparte se analizaban incorrectamente y podían omitir el Firewall de aplicaciones web. NOTA: esto está relacionado con CVE-2022-39956, pero puede considerarse cambios independientes en el código base de ModSecurity (lenguaje C). A vulnerability was found in ModSecurity. • https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves https://github.com/SpiderLabs/ModSecurity/pull/2795 https://github.com/SpiderLabs/ModSecurity/pull/2797 https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6 https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8 https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ&# • CWE-436: Interpretation Conflict CWE-1389: Incorrect Parsing of Numbers with Different Radices •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24021 – modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
https://notcve.org/view.php?id=CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. El manejo incorrecto de los bytes '\0' en las cargas de archivos en ModSecurity anteriores a 2.9.7 puede permitir omisiones del Firewall de aplicaciones web y sobrelecturas del búfer en el Firewall de aplicaciones web al ejecutar reglas que leen la colección FILES_TMP_CONTENT. A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass. • https://github.com/SpiderLabs/ModSecurity/pull/2857 https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334 https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7 https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI https:/& • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 1CVE-2022-47950 – openstack-swift: Arbitrary file access through custom S3 XML entities
https://notcve.org/view.php?id=CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). Se descubrió un problema en OpenStack Swift anterior a 2.28.1, 2.29.x anterior a 2.29.2 y 2.30.0. Al proporcionar archivos XML manipulados, un usuario autenticado puede obligar a la API de S3 a devolver contenidos de archivos arbitrarios desde el servidor host, lo que resulta en un acceso de lectura no autorizado a datos potencialmente confidenciales. • https://launchpad.net/bugs/1998625 https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html https://security.openstack.org/ossa/OSSA-2023-001.html https://www.debian.org/security/2023/dsa-5327 https://access.redhat.com/security/cve/CVE-2022-47950 https://bugzilla.redhat.com/show_bug.cgi?id=2160618 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 12CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. En Sudo anterior a 1.9.12p2, la función sudoedit (también conocida como -e) maneja mal argumentos adicionales pasados en las variables de entorno proporcionadas por el usuario (SUDO_EDITOR, VISUAL y EDITOR), permitiendo a un atacante local agregar entradas arbitrarias a la lista de archivos para procesar. . • https://www.exploit-db.com/exploits/51217 https://github.com/n3m1sys/CVE-2023-22809-sudoedit-privesc https://github.com/Chan9Yan9/CVE-2023-22809 https://github.com/Toothless5143/CVE-2023-22809 https://github.com/3yujw7njai/CVE-2023-22809-sudo-POC https://github.com/pashayogi/CVE-2023-22809 https://github.com/M4fiaB0y/CVE-2023-22809 https://github.com/asepsaepdin/CVE-2023-22809 https://github.com/AntiVlad/CVE-2023-22809 http://packetstormsecurity.com/files/171644/sudo-1.9.12p • CWE-269: Improper Privilege Management •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46648 – ruby-git: code injection vulnerability
https://notcve.org/view.php?id=CVE-2022-46648
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318. Las versiones de ruby-git anteriores a la v1.13.0 permiten a un atacante remoto autenticado ejecutar un código Ruby arbitrario haciendo que un usuario cargue en el producto un repositorio que contiene un nombre de archivo especialmente manipulado. Esta vulnerabilidad es diferente de CVE-2022-47318. A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. • https://github.com/ruby-git/ruby-git https://github.com/ruby-git/ruby-git/pull/602 https://jvn.jp/en/jp/JVN16765254/index.html https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html https://access.redhat.com/security/cve/CVE-2022-46648 https://bugzilla.redhat.com/show_bug.cgi?id=2169385 • CWE-94: Improper Control of Generation of Code ('Code Injection') •