Laura Pardo

**Nome do Software Vulnerável e Versões Afetadas** Ansible Lightspeed (versões afetadas não especificadas) **Description** A expiração insuficiente da sessão permite que um invasor remoto mantenha acesso persistente a uma instância. Se um token de acesso OAuth (Open Authorization) válido for exfiltrado antes de um usuário fazer logout, o invasor poderá continuar a se autenticar e acessar dados sensíveis, pois a aplicação falha em invalidar o token no backend, mantendo-o válido até sua expiração natural. Isso pode resultar em acesso de leitura não autorizado a recursos como inventários, playbooks e dados de configuração. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Ansible Lightspeed (versões afetadas não especificadas) **Descrição** Os endpoints de conversa da API do Ansible Lightspeed, que gerenciam interações de chat com IA, não confirmam adequadamente se um identificador de conversa corresponde ao usuário autenticado. Isso permite que um invasor com credenciais válidas acesse ou modifique conversas pertencentes a outros usuários, potencialmente expondo dados sensíveis e permitindo a manipulação não autorizada de saídas geradas por IA. Os endpoints de API afetados são os endpoints de conversa. O parâmetro vulnerável é o identificador de conversa. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do http-proxy-agent anteriores à 2.1.0 **Descrição** Foi encontrada uma falha no http-proxy-agent, na qual ele passa uma opção de autenticação para o construtor Buffer sem a devida sanitização. Isso pode resultar em uma negação de serviço (DoS) devido ao uso de todos os recursos de CPU disponíveis e na exposição de dados por meio de um vazamento de memória não inicializada em configurações nas quais um invasor poderia enviar entradas digitadas para o parâmetro `auth`. **Recomendações** Para versões anteriores à 2.1.0, atualize para a versão 2.1.0 ou posterior para resolver o problema. Como solução temporária, considere restringir a entrada no parâmetro `auth` para evitar possíveis explorações.

**Name of the Vulnerable Software and Affected Versions** Jolokia versions 1.2 through 1.6.0 **Description** A flaw in the software makes it vulnerable to a system-wide CSRF attack, even in properly configured instances with strict checking for origin and referrer headers. This could potentially result in a Remote Code Execution attack. **Recommendations** For Jolokia versions 1.2 through 1.6.0, update to version 1.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Keycloak versions prior to 6.0.2 **Description** A vulnerability was found in the X.509 authenticator, which supports the verification of client certificates through the Certificate Revocation List (CRL). The CRL can be obtained from the URL provided in the certificate itself (CDP) or through a separately configured path. However, the CRL is often available over the network through unsecured protocols, such as 'http' or 'ldap'. As a result, Keycloak's failure to validate signatures on CRL can lead to various attacks, including man-in-the-middle attacks. **Recommendations** For versions prior to 6.0.2, update to version 6.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the X.509 authenticator or verifying the signature and certification path of the CRL manually until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WildFly versions 11 through 16 **Description** The issue is related to security checking implementation errors for standard elements in the Java application server. It may allow a remote attacker to impact the confidentiality and integrity of protected information. Specifically, the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread as, and these threads may not terminate even after the keep alive time has expired, potentially allowing a shared thread to use the wrong security identity when executing. **Recommendations** For WildFly versions 11 through 16, consider restricting access to the Elytron subsystem until a patch is available. As a temporary workaround, consider disabling the use of shared threads in the Elytron subsystem to minimize the risk of exploitation. Avoid using the ElytronManagedThread function in the affected Wildfly versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Red Hat Satellite versions prior to 6.2 Red Hat Satellite 6.1 optional Red Hat Satellite Capsule 6.1 **Description** A lack of access control was found in the message queues maintained by Satellite's QPID broker, which can be exploited by a malicious user authenticated to a host registered to Satellite or Capsule. This flaw allows access to QMF methods on any host registered to Satellite or Capsule, enabling the execution of privileged commands. **Recommendations** For Red Hat Satellite versions prior to 6.2, update to version 6.2 or later to resolve the issue. For Red Hat Satellite 6.1 optional, consider applying additional access controls to the QPID broker until an update to a fixed version is available. For Red Hat Satellite Capsule 6.1, restrict access to QMF methods until a patch or update is applied. As a temporary workaround, consider disabling access to the QPID broker's message queues for untrusted hosts until a fix is available.

**Name of the Vulnerable Software and Affected Versions** FreeRADIUS (affected versions not specified) **Description** The issue is related to insufficient authentication data validation in the FreeRADIUS server. It allows a remote attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** systemd-journald versions v221 through v239 **Description** An out of bounds read was discovered in the way systemd-journald parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. The issue is related to an error in handling messages that end with a colon, which may lead to the disclosure of memory data. **Recommendations** For versions v221 through v239, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the log parsing functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Keycloak versions prior to 4.6.0.Final **Description** The issue concerns the SAML broker consumer endpoint in Keycloak, which ignores expiration conditions on SAML assertions. This can be exploited by an attacker to perform a replay attack. **Recommendations** For versions prior to 4.6.0.Final, update to version 4.6.0.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the SAML broker consumer endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Keycloak versions 4.2.1.Final, 4.3.0.Final **Description** A flaw was found in the implementation of the Brute Force detection algorithm when TOPT is enabled, which will not enforce its protection measures. **Recommendations** For Keycloak version 4.2.1.Final, update to a version that fixes this issue. For Keycloak version 4.3.0.Final, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak versions 3.4.3.Final through 4.3.0.Final **Description** A flaw in Keycloak allows the injection of arbitrary Javascript code via the `state`-parameter in the authentication URL when using `response mode=form post`. This enables a cross-site scripting (XSS) attack upon successful login. **Recommendations** For Keycloak versions 3.4.3.Final through 4.3.0.Final, consider disabling the use of `response mode=form post` until a patch is available to prevent the injection of arbitrary Javascript code via the `state`-parameter. Restrict access to the authentication URL to minimize the risk of exploitation. Avoid using the `state`-parameter in the affected authentication URL until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JBOSS Keycloak version 3.2.1.Final **Description** A flaw was found in the software where the Redirect URL for both Login and Logout are not normalized in `org.keycloak.protocol.oidc.utils.RedirectUtils` before the redirect url is verified. This can lead to an Open Redirection attack. **Recommendations** For JBOSS Keycloak version 3.2.1.Final, consider disabling the `org.keycloak.protocol.oidc.utils.RedirectUtils` function until a patch is available to prevent potential Open Redirection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x through 4.20 **Description** A flaw was found in the Linux kernel's NFS implementation. An attacker who is able to mount an exported NFS filesystem can trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server, resulting in the loss of any outstanding disk writes to the NFS server. **Recommendations** For Linux kernel versions 3.x through 4.20, consider disabling the NFS implementation until a patch is available to prevent exploitation. Restrict access to the NFS server to minimize the risk of denial of service. Avoid using invalid NFS sequences in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Satellite katello versions prior to 3.9.0 **Description** A cross-site scripting (XSS) flaw was found in the katello component of Satellite, allowing an attacker with privileges to create or edit organizations and locations to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. The vulnerability is related to insufficient protection of the web page structure. **Recommendations** For versions prior to 3.9.0, update to version 3.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Subscriptions and Red Hat Repositories wizards to minimize the risk of exploitation. Avoid using the wizards until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** openstack-neutron versions prior to 13.0.0.0b2 openstack-neutron versions prior to 12.0.3 openstack-neutron versions prior to 11.0.5 **Description** A security issue allows live-migrated instances to briefly inspect traffic for other instances on the same hypervisor. This can be extended indefinitely if the instance's port is set administratively down before and after live-migration. The issue arises from the Open vSwitch integration bridge being connected to the instance during migration, potentially making all traffic for instances using the same Open vSwitch instance visible to the migrated guest. This is because the required Open vSwitch VLAN filters are only applied post-migration. **Recommendations** For versions prior to 13.0.0.0b2, update to version 13.0.0.0b2 or later. For versions prior to 12.0.3, update to version 12.0.3 or later. For versions prior to 11.0.5, update to version 11.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** glusterfs server (affected versions not specified) **Description** An information disclosure issue was found in the glusterfs server, where an attacker could send a xattr request via glusterfs FUSE to check if any file exists. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 389-ds-base versions prior to 1.3.8.5 389-ds-base versions prior to 1.4.0.12 **Description** The issue concerns the storage of sensitive information in cleartext. By default, when the Replica and/or retroChangeLog plugins are enabled, passwords are stored in plaintext format in their respective changelog files. An attacker with high privileges can query these files to retrieve plaintext passwords. **Recommendations** For versions prior to 1.3.8.5, update to version 1.3.8.5 or later. For versions prior to 1.4.0.12, update to version 1.4.0.12 or later.

**Name of the Vulnerable Software and Affected Versions** cloud-init versions 0.6.2 and newer **Description** The default cloud-init configuration in affected versions includes "ssh deletekeys: 0", which disables the deletion of ssh host keys. This could lead to instances created by cloning a golden master or template system sharing ssh host keys, allowing them to impersonate one another or conduct man-in-the-middle attacks. **Recommendations** For cloud-init versions 0.6.2 and newer, consider changing the default cloud-init configuration to enable the deletion of ssh host keys by setting "ssh deletekeys: 1" to prevent instances from sharing ssh host keys.

**Name of the Vulnerable Software and Affected Versions** Xen versions prior to 4.11 **Description** An issue in Xen allows a malicious PV guest to crash the system, leading to a Denial of Service. The vulnerability can be triggered by a guest and is caused by an oversight in safety checks added to prevent Xen livelocking with debug exceptions. Only x86 systems are vulnerable, and only x86 PV guests can exploit the issue. An attacker needs to control hardware debugging facilities, which are typically available to unprivileged users. **Recommendations** For Xen versions prior to 4.11, update to version 4.11 or later to resolve the issue. As a temporary workaround, consider restricting access to hardware debugging facilities to minimize the risk of exploitation.