Daniel Kalinowski

**Name of the Vulnerable Software and Affected Versions** Stormshield Network Security (SNS) VPN SSL Client versions 2.1.0 through 2.8.0 **Description** The issue is related to Insecure Permissions in the Stormshield Network Security (SNS) VPN SSL Client. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions 2.1.0 through 2.8.0, update to a version that addresses the Insecure Permissions issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Stormshield SSL VPN Client versions prior to 3.2.0 **Description** A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenVPN instance until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Stormshield Network Security (SNS) versions prior to 4.2.2 **Description** The issue allows a read-only administrator to gain privileges via CLI commands. **Recommendations** For versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sprout Forms versions prior to 3.9.0 **Description** A potential Server-Side Template Injection issue exists in Sprout Forms, which could lead to the execution of Twig code when using custom fields in Notification Emails. **Recommendations** For versions prior to 3.9.0, update to version 3.9.0 to fix the issue. As a temporary workaround for users unable to upgrade, update any Notification Emails to use the "Basic Notification (Sprout Email)" template and avoid using the "Basic Notification (Sprout Forms)" template or any custom templates that display Form Fields.

**Name of the Vulnerable Software and Affected Versions** Jenkins OpenShift Pipeline Plugin versions 1.0.56 and earlier **Description** The issue is related to the YAML parser in the Jenkins OpenShift Pipeline Plugin, which does not prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability. The vulnerability can be exploited by users who can provide YAML input files to the plugin's build step, allowing them to execute arbitrary code remotely. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Jenkins OpenShift Pipeline Plugin versions 1.0.56 and earlier, update to version 1.0.57 or later, which configures its YAML parser to only instantiate safe types. As a temporary workaround, consider restricting access to the build step that uses the YAML parser to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Azure Container Service Plugin versions 1.0.1 and earlier **Description** The issue is related to the YAML parser in the Jenkins Azure Container Service Plugin, which does not properly configure to prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability. The vulnerability can be exploited by users who can provide YAML input files to the plugin's build step, allowing a remote attacker to execute arbitrary code. **Recommendations** For Jenkins Azure Container Service Plugin versions 1.0.1 and earlier, update to version 1.0.2 or later, which configures its YAML parser to only instantiate safe types. As a temporary workaround, consider restricting access to the build step that uses the YAML parser to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins RadarGun Plugin versions 1.7 and earlier **Description** The issue is related to the configuration of the YAML parser in the Jenkins RadarGun Plugin, which does not prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability. The vulnerability can be exploited by users who have the ability to configure the RadarGun Plugin's build step. **Recommendations** For Jenkins RadarGun Plugin versions 1.7 and earlier, update to version 1.8 or later, which configures its YAML parser to only instantiate safe types.

**Name of the Vulnerable Software and Affected Versions** Jenkins Google Kubernetes Engine Plugin versions 0.8.0 and earlier **Description** The issue is related to the configuration of the YAML parser in the Jenkins Google Kubernetes Engine Plugin, which does not prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability that can be exploited by users who can provide YAML input files to the plugin's build step. **Recommendations** For Jenkins Google Kubernetes Engine Plugin versions 0.8.0 and earlier, update to version 0.8.1 or later, which configures its YAML parser to only instantiate safe types.

**Name of the Vulnerable Software and Affected Versions** Analogic Poste.io version 2.1.6 **Description** The issue concerns the Roundcube component of Analogic Poste.io, where the protection of the logs/ folder via .htaccess is ineffective when used with the nginx server, as opposed to the Apache HTTP Server. This allows attackers to access logs through the "webmail/logs/sendmail" URI. **Recommendations** For Analogic Poste.io version 2.1.6, consider restricting access to the logs/ folder through alternative means, such as configuring nginx to properly protect the directory, until a more permanent solution is available. As a temporary workaround, restrict access to the "webmail/logs/sendmail" URI to minimize the risk of exploitation.