CVE-2023-34040 – Java Deserialization vulnerability in Spring-Kafka When Improperly Configured
https://notcve.org/view.php?id=CVE-2023-34040
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true:
* The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record
* The user explicitly sets the container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull to true
* The user allows untrusted sources to publish to a Kafka topic
By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record. • https://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040 https://github.com/pyn3rd/CVE-2023-34040 https://github.com/buiduchoang24/CVE-2023-34040 https://spring.io/security/cve-2023-34040 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-34038
https://notcve.org/view.php?id=CVE-2023-34038
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. • https://www.vmware.com/security/advisories/VMSA-2023-0017.html •
CVE-2023-34037
https://notcve.org/view.php?id=CVE-2023-34037
VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP request smuggling. • https://www.vmware.com/security/advisories/VMSA-2023-0017.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2023-20891 – VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-20891
VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex-encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment, non-admin users do not have access to the platform system audit logs. • https://www.vmware.com/security/advisories/VMSA-2023-0016.html • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-34034 – spring-security-webflux: path wildcard leads to security bypass
https://notcve.org/view.php?id=CVE-2023-34034
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access of functionality outside the user's permissions, or denial of service. • https://security.netapp.com/advisory/ntap-20230814-0008 https://spring.io/security/cve-2023-34034 https://access.redhat.com/security/cve/CVE-2023-34034 https://bugzilla.redhat.com/show_bug.cgi?id=2241271 • CWE-145: Improper Neutralization of Section Delimiters CWE-281: Improper Preservation of Permissions •