CVE-2019-3797 – Additional information exposure with Spring Data JPA derived queries
https://notcve.org/view.php?id=CVE-2019-3797
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates 'startingWith', 'endingWith' or 'containing' could return more results than anticipated when a maliciously crafted query parameter value is supplied. LIKE expressions in manually defined queries could likewise return unexpected results if the bound parameter values did not have their reserved characters escaped properly. Parameter binding keeps the value from changing the statement's structure, but it does not neutralise the LIKE wildcards '%' and '_', so a bound value containing them widens the match. • https://pivotal.io/security/cve-2019-3797 https://access.redhat.com/security/cve/CVE-2019-3797 https://bugzilla.redhat.com/show_bug.cgi?id=1697598 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
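The example below is added here to show the mechanism behind this advisory; it is not Spring Data's code and uses a constructed SQLite table rather than any real schema. The first query is what a derived predicate such as findByNameContaining(term) reduces to when the bound value is only wrapped in '%': a term of '%' or '_' matches every row. The second query escapes the value and declares the escape character, so the same terms match only literal occurrences. The table contents, the helper names and the use of backslash as the escape character are all assumptions of this example.

```python
import sqlite3

# Constructed sample table for this example; not Spring Data's schema.
# The "%" in the last name is there to show what a literal match looks like.
NAMES = ["alice", "bob", "bob_admin", "carol", "100%"]


def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT NOT NULL)")
    con.executemany("INSERT INTO users (name) VALUES (?)", [(n,) for n in NAMES])
    return con


def find_by_name_containing_unescaped(con, term):
    """What a derived query such as findByNameContaining(term) boils down to
    before the fix: the bound value is wrapped in '%', but any '%' or '_'
    inside the value is still interpreted as a LIKE wildcard."""
    rows = con.execute(
        "SELECT name FROM users WHERE name LIKE '%' || ? || '%' ORDER BY name",
        (term,),
    )
    return [r[0] for r in rows]


def escape_like(term, esc="\\"):
    """Escape the LIKE metacharacters and the escape character itself
    (hypothetical helper; the escape character is an assumption here)."""
    return (
        term.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def find_by_name_containing_escaped(con, term):
    """Hardened form: escape the value and tell the database which character
    is the escape, so '%' and '_' in user input match only themselves."""
    rows = con.execute(
        "SELECT name FROM users WHERE name LIKE '%' || ? || '%' ESCAPE '\\' "
        "ORDER BY name",
        (escape_like(term),),
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = open_db()
    for term in ("bob", "%", "_"):
        print(repr(term),
              "unescaped:", find_by_name_containing_unescaped(db, term),
              "escaped:", find_by_name_containing_escaped(db, term))
```

Whatever database sits behind JPA, the check is the same: feed '%' and '_' through every startingWith/endingWith/containing predicate and every hand-written LIKE and confirm the result set does not grow.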
CVE-2019-3793 – Invitations Service supports HTTP connections
https://notcve.org/view.php?id=CVE-2019-3793
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, and versions 667.0.x prior to 667.0.7, contain an invitation service that accepts plain HTTP. A remote unauthenticated user able to observe network traffic could capture the authorization credentials used to make the invitation requests. • https://pivotal.io/security/cve-2019-3793 • CWE-300: Channel Accessible by Non-Endpoint CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2019-3792 – Concourse 5.0.0 SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2019-3792
Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that carries a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. • https://pivotal.io/security/cve-2019-3792 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
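The following is an added illustration of the bug class described above, not Concourse's code or schema. It models a version identifier reported by a resource being looked up in a database: the vulnerable lookup splices the identifier into the statement text, so a UNION payload in the identifier reads a row from an unrelated table; the safe lookup binds it as a parameter and the same payload matches nothing. The table names, the secret value and the payload string are all constructed for this example.

```python
import sqlite3

# Constructed schema for this example, not Concourse's real tables: versions
# reported by a resource, plus data the resource should never be able to read.
def open_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE resource_versions (id INTEGER PRIMARY KEY, version TEXT);
        CREATE TABLE team_secrets (id INTEGER PRIMARY KEY, value TEXT);
        INSERT INTO resource_versions (version) VALUES ('v1.0.0'), ('v1.1.0');
        INSERT INTO team_secrets (value) VALUES ('db-password-hunter2');
    """)
    return con


def lookup_version_vulnerable(con, version):
    """The version identifier supplied by the resource is interpolated into
    the statement, so a quote in it terminates the literal and the rest of
    the identifier becomes SQL."""
    sql = f"SELECT version FROM resource_versions WHERE version = '{version}'"
    return [r[0] for r in con.execute(sql)]


def lookup_version_safe(con, version):
    """Same lookup with the identifier bound as a parameter: it can only ever
    be compared as a value, never parsed as SQL."""
    rows = con.execute(
        "SELECT version FROM resource_versions WHERE version = ?", (version,)
    )
    return [r[0] for r in rows]


# A version identifier carrying a UNION payload (constructed for this example).
# The trailing "--" comments out the closing quote the server appends.
PAYLOAD = "nope' UNION SELECT value FROM team_secrets --"


if __name__ == "__main__":
    db = open_db()
    print("vulnerable:", lookup_version_vulnerable(db, PAYLOAD))
    print("safe:      ", lookup_version_safe(db, PAYLOAD))
```

The point worth carrying over to Concourse itself is the trust boundary: a resource is third-party code running in a container, so every field it returns, including version metadata, is attacker-controlled input to the server's queries.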
CVE-2019-3778 – Open Redirect in spring-security-oauth2
https://notcve.org/view.php?id=CVE-2019-3778
Spring Security OAuth, versions 2.3 prior to 2.3.5, 2.2 prior to 2.2.4, 2.1 prior to 2.1.4, 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner's user agent to a URI under the attacker's control, carrying the leaked authorization code. This vulnerability exposes applications that meet both of the following requirements: they act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and they use the DefaultRedirectResolver in the AuthorizationEndpoint. • https://www.exploit-db.com/exploits/47000 https://github.com/BBB-man/CVE-2019-3778-Spring-Security-OAuth-2.3-Open-Redirection http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html http://www.securityfocus.com/bid/107153 https://pivotal.io/security/cve-2019-3778 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
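As an added example of the failure mode, not a reproduction of Spring's DefaultRedirectResolver: the code below puts a loose redirect_uri matcher (bare host-suffix and path-prefix checks, a common shape for this bug) beside an exact-match one, and a small stand-in for the authorization endpoint that appends the code to whichever redirect_uri the resolver accepts. With the loose matcher, a host that merely ends in the registered hostname receives the code. The registered URI, the hostnames, the sample code value and the function names are all assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed registered redirect URI for this example.
REGISTERED = "https://client.example/oauth/callback"


def _port_or_none(parts):
    # urlsplit().port raises on a malformed port; treat that as "no match".
    try:
        return parts.port
    except ValueError:
        return object()


def resolve_weak(requested, registered=REGISTERED):
    """Illustrative loose matcher (hypothetical, not Spring's logic): it
    accepts any host whose name ends with the registered host and any path
    under the registered path, so 'evilclient.example' passes."""
    req, reg = urlsplit(requested), urlsplit(registered)
    return (
        req.scheme == reg.scheme
        and (req.hostname or "").endswith(reg.hostname)
        and req.path.startswith(reg.path)
    )


def resolve_strict(requested, registered=REGISTERED):
    """Exact component match: scheme, host, port, path and query must be
    identical, with no userinfo and no fragment."""
    req, reg = urlsplit(requested), urlsplit(registered)
    return (
        req.scheme == reg.scheme
        and req.username is None
        and req.password is None
        and req.hostname == reg.hostname
        and _port_or_none(req) == _port_or_none(reg)
        and req.path == reg.path
        and req.query == reg.query
        and req.fragment == ""
    )


def authorize(requested_redirect, resolver, code="SplxlOBeZQQYbYS6WxSbIA"):
    """Stand-in for the authorization endpoint's response step: if the
    resolver accepts the redirect_uri, the user agent is sent there with the
    authorization code attached. Returns the Location value or None."""
    if not resolver(requested_redirect):
        return None
    sep = "&" if urlsplit(requested_redirect).query else "?"
    return f"{requested_redirect}{sep}code={code}"


# Constructed attacker-supplied redirect_uri values for the check below.
ATTEMPTS = [
    "https://client.example/oauth/callback",          # the registered URI
    "https://evilclient.example/oauth/callback",      # host-suffix bypass
    "https://client.example:8443/oauth/callback",     # different port
    "https://client.example/oauth/callback/../../x",  # path-prefix bypass
    "http://client.example/oauth/callback",           # scheme downgrade
]


if __name__ == "__main__":
    for uri in ATTEMPTS:
        print(f"{uri:50} weak={resolve_weak(uri)!s:5} strict={resolve_strict(uri)}")
```

The practical check for an authorization server is to send the second and fourth attempts above to its authorization endpoint and confirm the response is an error rather than a 302 whose Location carries a code.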
CVE-2019-3777 – Apps Manager unverified SSL certs in Cloud Controller proxy
https://notcve.org/view.php?id=CVE-2019-3777
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain an Apps Manager that uses a Cloud Controller proxy which fails to verify SSL certificates. A remote unauthenticated attacker able to hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller. • http://www.securityfocus.com/bid/107214 https://pivotal.io/security/cve-2019-3777 • CWE-295: Improper Certificate Validation •