Fuomag9

**Name of the Vulnerable Software and Affected Versions** CA17 TeamsACS version 1.0.1 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted script to the `errmsg` parameter. This enables the attacker to perform unauthorized actions on the affected system. **Recommendations** For CA17 TeamsACS version 1.0.1, consider restricting access to the `errmsg` parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `errmsg` parameter in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yealink W60B version 77.83.0.85 **Description** The issue allows attackers to gain sensitive information and cause a denial of service (DoS) due to a Directory Traversal vulnerability in the Contacts File Upload Interface. **Recommendations** For Yealink W60B version 77.83.0.85, consider restricting access to the Contacts File Upload Interface until a patch is available. As a temporary workaround, avoid using the vulnerable interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ghost versions prior to 5.42.1 **Description** The issue allows remote attackers to read arbitrary files within the active theme's folder via directory traversal using the `/assets/built%2F..%2F..%2F/` endpoint. This occurs in the `frontend/web/middleware/static-theme.js` file. **Recommendations** For Ghost versions prior to 5.42.1, update to version 5.42.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/assets/built/` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** authentik versions prior to 2022.12.2 authentik versions prior to 2023.1.3 authentik versions prior to 2023.2.3 **Description** The issue arises from an insufficient access check in the recovery flow, allowing a created recovery link to be used for setting the password of any arbitrary user. This is possible if a recovery flow with both an Identification and an Email stage exists. The attack requires an administrator to create or send a recovery link to the attacker, who can then exploit the improper token validation to change passwords. Custom recovery flows are recommended to include a policy that skips the identification stage when the flow is restored, by checking `request.context['is restored']`. **Recommendations** For versions prior to 2022.12.2, update to version 2022.12.2 or later. For versions prior to 2023.1.3, update to version 2023.1.3 or later. For versions prior to 2023.2.3, update to version 2023.2.3 or later. As a temporary workaround, consider adding a policy to custom recovery flows that checks if the flow is restored and skips the identification stage by verifying `request.context['is restored']`.

**Name of the Vulnerable Software and Affected Versions** authentik versions prior to 2022.11.4 authentik versions prior to 2022.10.4 **Description** The issue concerns token reuse in invitation URLs, leading to access control bypass via the use of a different enrollment flow than the one provided. An attacker who knows different invitation flows names, such as `enrollment-invitation-test` and `enrollment-invitation-admin`, can signup via a single invitation URL for any valid invite link received. This is possible because the token used in the `Invitations` section of the Admin interface does not change when a different `enrollment flow` is selected, and it is not bound to the selected flow. Only configurations that use invitations and have multiple enrollment flows with invitation stages that grant different permissions are affected. The default configuration and configurations with a single enrollment flow are not vulnerable. **Recommendations** For versions prior to 2022.11.4, update to version 2022.11.4 or later. For versions prior to 2022.10.4, update to version 2022.10.4 or later. As a temporary workaround, consider adding fixed data to invitations that can be checked in the flow to deny requests. Alternatively, use an identifier with high entropy, such as a UUID, as a flow slug to mitigate the attack vector by exponentially decreasing the possibility of discovering other flows.

**Name of the Vulnerable Software and Affected Versions** Funkwhale version 1.2.8 **Description** The issue concerns user invites that do not permanently expire after being used for signup. These invites can be used again even after an account associated with the invite has been deleted. **Recommendations** For Funkwhale version 1.2.8, consider temporarily restricting the use of user invites until a patch is available to prevent their reuse after account deletion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.