CVE-2022-45061 – python: CPU denial of service via inefficient IDNA decoder
https://notcve.org/view.php?id=CVE-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. • https://github.com/python/cpython/issues/98433 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNS • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVE-2022-31123 – Grafana plugin signature bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources. • https://github.com/grafana/grafana/releases/tag/v9.1.8 https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8 https://security.netapp.com/advisory/ntap-20221124-0002 https://access.redhat.com/security/cve/CVE-2022-31123 https://bugzilla.redhat.com/show_bug.cgi?id=2131147 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2022-31107 – Grafana account takeover via OAuth vulnerability
https://notcve.org/view.php?id=CVE-2022-31107
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. • https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31107 https://bugzilla.redhat.com/show_bug.cgi?id=2104367 • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVE-2022-31097 – Stored XSS in Grafana's Unified Alerting
https://notcve.org/view.php?id=CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. • https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31097 https://bugzilla.redhat.com/show_bug.cgi?id=2104365 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-3999 – glibc: Off-by-one buffer overflow/underflow in getcwd()
https://notcve.org/view.php?id=CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. Se ha encontrado un fallo en glibc. Un desbordamiento y subdesbordamiento de búfer en la función getcwd() puede conllevar a una corrupción de memoria cuando el tamaño del búfer es exactamente 1. • https://access.redhat.com/security/cve/CVE-2021-3999 https://bugzilla.redhat.com/show_bug.cgi?id=2024637 https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security-tracker.debian.org/tracker/CVE-2021-3999 https://security.netapp.com/advisory/ntap-20221104-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=28769 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e https://www.openwall.com/lists/oss-security/2022/01/24/4 • CWE-193: Off-by-one Error •