Aviv Sasson

**Name of the Vulnerable Software and Affected Versions** Service Fabric versions prior to 9.0.1.0 Docker versions (affected versions not specified) **Description** An Elevation of Privilege vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this vulnerability requires an attacker to gain remote code execution within a container. The vulnerability is related to insufficient access control and can be exploited to bypass security restrictions and elevate privileges. According to Microsoft, Service Fabric hosts over 1 million applications daily and supports many Azure products. The vulnerability, named FabricScape, is located in the Diagnostics Collection Agent (DCA) component and can be used to gain control over the SF-node and the entire cluster. The issue affects both Windows and Linux platforms but can only be exploited on Linux. **Recommendations** For Service Fabric versions prior to 9.0.1.0, update to the latest release, Service Fabric 9.0.1.0, to resolve the issue. As a temporary workaround, consider restricting access to the Diagnostics Collection Agent (DCA) component until a patch is available. Avoid using containers with runtime access enabled, as this can increase the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: github.com/containers/storage versions prior to 1.28.1 Description: A deadlock issue occurs when processing a container image with an invalid `tar` archive layer, causing the code to wait indefinitely for the tar unpacked stream. This can be exploited by an attacker to craft a malicious image, leading to a Denial of Service (DoS) when downloaded and stored by an application using containers/storage. Recommendations: For versions prior to 1.28.1, update to version 1.28.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `github.com/containers/storage` module until a patch is available. Avoid using the `DecompressStream` function on untrusted archives to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libslirp versions 4.2.0 and prior releases **Description** The issue is related to a use after free vulnerability in the `ip reass()` function in `ip input.c` of the libslirp library. This vulnerability can be exploited by crafted packets, leading to a denial of service. **Recommendations** For libslirp versions 4.2.0 and prior releases, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Harbor versions 1.7.0 through 1.8.2 **Description** The issue allows non-admin users to create admin accounts via the "POST /api/users" API endpoint, when Harbor is set up with a DB as the authentication backend and allows users to do self-registration. This enables privilege escalation from a non-admin to an admin account. **Recommendations** For Harbor versions 1.7.0 through 1.8.2, update to version 1.7.6, 1.8.3, or 1.9.0 to resolve the issue. As a temporary workaround, consider configuring Harbor to use a non-DB authentication backend such as LDAP.

**Name of the Vulnerable Software and Affected Versions** NATS Server versions prior to 2.2.0 **Description** The issue is caused by an integer overflow that allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, the attacker must first authenticate. This can be exploited by sending a specifically crafted request to the server. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation.