CVE-2022-31123 – Grafana plugin signature bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.
• https://github.com/grafana/grafana/releases/tag/v9.1.8 https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8 https://security.netapp.com/advisory/ntap-20221124-0002 https://access.redhat.com/security/cve/CVE-2022-31123 https://bugzilla.redhat.com/show_bug.cgi?id=2131147
• CWE-347: Improper Verification of Cryptographic Signature
CVE-2022-42889 – Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
https://notcve.org/view.php?id=CVE-2022-42889
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve DNS records
- "url" - load values from URLs, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
• https://github.com/SeanWrightSec/CVE-2022-42889-PoC https://github.com/kljunowsky/CVE-2022-42889-text4shell https://github.com/korteke/CVE-2022-42889-POC https://github.com/cxzero/CVE-2022-42889-text4shell https://github.com/cryxnet/CVE-2022-42889-RCE https://github.com/akshayithape-devops/CVE-2022-42889-POC https://github.com/0xst4n/CVE-2022-42889 https://github.com/0xmaximus/Apache-Commons-Text-CVE-2022-42889 https://github.com/gustanini/CVE-2022-42889-Text4Shell-POC https:/
• CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2022-42003 – jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
https://notcve.org/view.php?id=CVE-2022-42003
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1.
A flaw was found in FasterXML jackson-databind. When the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled, this issue could allow an attacker to cause resource exhaustion, because primitive value deserializers lack a check to avoid deep wrapper array nesting.
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020 https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 https://github.com/FasterXML/jackson-databind/issues/3590 https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html https://security.gentoo.org/glsa/202210-21 https://security.netapp.com/advisory/ntap-20221124-0004 https://www.debian.org/security/2022/dsa-5283 https://access.redhat.com/security/cve/CVE-2022-42003 https://bugzilla.r
• CWE-502: Deserialization of Untrusted Data
CVE-2022-42004 – jackson-databind: use of deeply nested arrays
https://notcve.org/view.php?id=CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490 https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 https://github.com/FasterXML/jackson-databind/issues/3582 https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html https://security.gentoo.org/glsa/202210-21 https://security.netapp.com/advisory/ntap-20221118-0008 https://www.debian.org/security/2022/dsa-5283 https://access.redhat.com/security/cve/CVE-2022-42004 https://bugzilla.r
• CWE-502: Deserialization of Untrusted Data
CVE-2022-38732
https://notcve.org/view.php?id=CVE-2022-38732
SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented, which could allow certain types of attacks that otherwise would be prevented.
• https://security.netapp.com/advisory/NTAP-20220926-0001