Log

CVE-2019-10182 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Directory traversal
Description
+ It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
References
+ https://marc.info/?l=oss-security&m=156458681628488
+ https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2fd1e4b769911f2c6f7f3902f7ea21568ddc2f99
+ https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/e0818f521a0711aeec4b913b49b5fc6a52815662
+ https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2ab070cdac087bd208f64fa8138bb709f8d7680c
Notes
CVE-2019-10185 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Directory traversal
Description
+ It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
References
+ https://marc.info/?l=oss-security&m=156458681628488
Notes
CVE-2019-10208 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A security issue has been found in PostgreSQL < 11.5 where given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact argument type match. For example, length('foo'::varchar) and length('foo') are inexact, while length('foo'::text) is exact. As part of exploiting this vulnerability, the attacker uses CREATE DOMAIN to create a type in a pg_temp schema. The attack pattern and fix are similar to that for CVE-2007-2138.
References
+ https://www.postgresql.org/about/news/1960/
+ https://bugzilla.redhat.com/show_bug.cgi?id=1734416
Notes
CVE-2019-10209 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples.
References
+ https://www.postgresql.org/about/news/1960/
+ https://bugzilla.redhat.com/show_bug.cgi?id=1734447
Notes
CVE-2019-10222 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ Improper exception handling in Ceph allows any single unauthenticated client to crash the RGW component of Ceph by sending a specially crafted HTTP request, leading to denial of service. The vulnerability affects the RGW component of Ceph, specifically ceph-radosgw.
References
+ https://marc.info/?l=oss-security&m=156701115910378
+ https://github.com/ceph/ceph/pull/29967
Notes
CVE-2019-10352 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary file overwrite
Description
+ A vulnerability has been found in Jenkins before 2.186, where users with Job/Configure permission could specify a relative path escaping the base directory in the file name portion of a file parameter definition. This path would be used to store the uploaded file on the Jenkins master, resulting in an arbitrary file write vulnerability.
References
+ https://jenkins.io/security/advisory/2019-07-17/
Notes
CVE-2019-10353 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Cross-site request forgery
Description
+ By default, CSRF tokens in Jenkins before 2.186 only checked user authentication and IP address. This allowed attackers able to obtain a CSRF token for another user to implement CSRF attacks as long as the victim’s IP address remained unchanged.
References
+ https://jenkins.io/security/advisory/2019-07-17/
Notes
CVE-2019-10354 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A security issue has been found in Jenkins before 2.186. Jenkins uses the Stapler web framework to render its UI views. These views are frequently comprised of several view fragments, enabling plugins to extend existing views with more content. In some cases attackers could directly access a view fragment containing sensitive information, bypassing any permission checks in the corresponding view.
References
+ https://jenkins.io/security/advisory/2019-07-17/
Notes
CVE-2019-10383 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ Jenkins did not properly escape the update site URL in some status messages shown in the update center, resulting in a stored cross-site scripting vulnerability that is exploitable by administrators and affects other administrators.
References
+ https://jenkins.io/security/advisory/2019-08-28/
Notes
CVE-2019-10384 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site request forgery
Description
+ Jenkins allowed the creation of CSRF tokens without a corresponding web session ID. This is the result of an incomplete fix for SECURITY-626 in the 2019-07-17 security advisory. This allowed attackers able to obtain a CSRF token without an associated session ID to implement CSRF attacks with the following constraints: the token had to be created for the anonymous user (and could only be used for actions the anonymous user can perform); the victim’s IP address needed to remain unchanged (unless the proxy compatibility option was enabled); and the victim must not have had a valid web session at the time of the attack. CSRF token generation now creates a web session if none exists yet, so that the lack of a web session ID cannot be exploited.
References
+ https://jenkins.io/security/advisory/2019-08-28/
Notes