Joernchen

**Name of the Vulnerable Software and Affected Versions** jj versions prior to 0.23.0 **Description** Specially crafted Git repositories can cause `jj` to write files outside the clone. This issue can be achieved by having file objects which contain path traversals. To exploit this, an attacker would need to create a crafted Git repository and have the victim clone it using `jj`. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 0.23.0, upgrade to version 0.23.0 to address the issue. As a temporary workaround, consider avoiding cloning repositories from untrusted sources until a patch is available. Restrict access to unknown Git repositories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab Enterprise Edition versions 16.8 through 17.1.7 GitLab Enterprise Edition versions 17.2 through 17.2.5 GitLab Enterprise Edition versions 17.3 through 17.3.2 **Description** The issue is related to insufficient server-side request validation, allowing an attacker to perform Server-Side Request Forgery (SSRF) attacks using a custom Maven Dependency Proxy URL. This enables the attacker to make requests to internal resources. **Recommendations** For GitLab Enterprise Edition versions 16.8 through 17.1.7, update to version 17.1.7 or later. For GitLab Enterprise Edition versions 17.2 through 17.2.5, update to version 17.2.5 or later. For GitLab Enterprise Edition versions 17.3 through 17.3.2, update to version 17.3.2 or later. As a temporary workaround, consider restricting access to the Maven Dependency Proxy URL to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 16.0 through 16.5.7 GitLab versions 16.6 through 16.6.5 GitLab versions 16.7 through 16.7.3 GitLab versions 16.8 through 16.8.0 **Description** The issue is related to an incorrect restriction of the path name to a directory with limited access. This allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the ability to write arbitrary files while creating a workspace. No specific API endpoints, vulnerable parameters, or function names are mentioned in the provided descriptions. **Recommendations** For GitLab versions 16.0 through 16.5.7, update to version 16.5.8 or later. For GitLab versions 16.6 through 16.6.5, update to version 16.6.6 or later. For GitLab versions 16.7 through 16.7.3, update to version 16.7.4 or later. For GitLab versions 16.8 through 16.8.0, update to version 16.8.1 or later. As a temporary workaround, consider restricting access to the workspace creation feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Dex versions prior to 2.35.0 **Description** Dex is an identity service that uses OpenID Connect to drive authentication for other apps. An attacker can exploit this issue by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code can then be exchanged for a token, gaining access to applications accepting that token. **Recommendations** For versions prior to 2.35.0, update to version 2.35.0 to resolve the issue. As a temporary workaround, consider disabling public clients to minimize the risk of exploitation. Note that disabling public clients may impact behavior. There are no known workarounds for existing versions without impacting behavior.

**Name of the Vulnerable Software and Affected Versions** Arr-pm versions prior to 0.0.12 **Description** The issue is related to OS command injection, which can result in shell execution if an RPM contains a malicious `payload compressor` field. This impacts the `extract` and `files` methods of the `RPM::File` class. To mitigate, ensure RPMs being processed contain valid payload compressor values such as `gzip`, `bzip2`, `xz`, `zstd`, and `lzma`. The payload compressor field in an RPM can be checked using the `rpm` command line tool. **Recommendations** For versions prior to 0.0.12, update to version 0.0.12 to patch the issue. As a temporary workaround, ensure any RPMs being processed contain valid/known payload compressor values such as `gzip`, `bzip2`, `xz`, `zstd`, and `lzma`. Restrict access to the `extract` and `files` methods of the `RPM::File` class until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Discourse versions 2.7.8 and earlier **Description** Discourse is an open source platform for community discussion. In affected versions, maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in `subscribe url` values. It is estimated that around 14,300 sites are potentially vulnerable, with 8,639 potentially vulnerable systems located in the USA. **Recommendations** To resolve the issue, update to version 2.7.9 or later. As a temporary workaround, consider blocking requests with a path starting with `/webhooks/aws` at an upstream proxy.

Name of the Vulnerable Software and Affected Versions: GitLab versions 5.0 through 5.4.2 GitLab Community Edition versions prior to 6.2.4 GitLab Enterprise Edition versions prior to 6.2.1 gitlab-shell versions prior to 1.7.8 Description: The issue allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. This is due to vulnerabilities in the `create branch`, `create tag`, `import project`, and `fork project` functions in lib/gitlab projects.rb. Recommendations: For GitLab versions 5.0 through 5.4.2, update to version 5.4.2 or later. For GitLab Community Edition versions prior to 6.2.4, update to version 6.2.4 or later. For GitLab Enterprise Edition versions prior to 6.2.1, update to version 6.2.1 or later. For gitlab-shell versions prior to 1.7.8, update to version 1.7.8 or later.

Name of the Vulnerable Software and Affected Versions: GitLab versions 5.0 through 5.4.2 GitLab Community Edition versions 5.0 through 6.2.4 GitLab Enterprise Edition versions 5.0 through 6.2.1 gitlab-shell versions prior to 1.7.8 Description: The issue allows remote authenticated users to gain privileges and clone arbitrary repositories due to a problem in the `parse cmd` function. Recommendations: For GitLab versions 5.0 through 5.4.2, update to version 5.4.2 or later. For GitLab Community Edition versions 5.0 through 6.2.4, update to version 6.2.4 or later. For GitLab Enterprise Edition versions 5.0 through 6.2.1, update to version 6.2.1 or later. For gitlab-shell versions prior to 1.7.8, update to version 1.7.8 or later.

**Name of the Vulnerable Software and Affected Versions** gollum versions prior to 3.1.1 gollum-lib versions prior to 4.0.1 **Description** The issue allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags when the string `master` is in any of the wiki documents. This is due to a vulnerability in the gollum-grit adapter Ruby gem dependency in gollum and the gollum-lib gem dependency in gollum-lib. **Recommendations** For gollum versions prior to 3.1.1, update to version 3.1.1 or later. For gollum-lib versions prior to 4.0.1, update to version 4.0.1 or later. As a temporary workaround, consider restricting access to the `-O` and `--open-files-in-pager` flags until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Git versions 2.10.5 and earlier, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 **Description** The issue is related to the use of unsafe Perl scripts to support subcommands such as `cvsserver`, allowing attackers to execute arbitrary OS commands via shell metacharacters in a module name. This can be exploited remotely to execute commands as the git user. The vulnerable code can be reached via `git-shell` even without CVS support. **Recommendations** For Git versions 2.10.5 and earlier, update to version 2.10.5 or later. For Git versions 2.11.x before 2.11.4, update to version 2.11.4 or later. For Git versions 2.12.x before 2.12.5, update to version 2.12.5 or later. For Git versions 2.13.x before 2.13.6, update to version 2.13.6 or later. For Git versions 2.14.x before 2.14.2, update to version 2.14.2 or later. As a temporary workaround, consider disabling the `cvsserver` subcommand until a patch is available.

Name of the Vulnerable Software and Affected Versions: rubyonrails rails (affected versions not specified) Description: The issue concerns a problem in rubyonrails rails. No specific details about the nature of the issue, affected devices, or real-world incidents are provided. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Web Console versions prior to 2.1.3 Ruby on Rails versions 3.x and 4.x **Description** The issue allows remote attackers to bypass the whitelisted ips protection mechanism via a crafted request. This is due to the improper restriction of X-Forwarded-For headers in determining a client's IP address. **Recommendations** For Web Console versions prior to 2.1.3, update to version 2.1.3 or later to resolve the issue. For Ruby on Rails versions 3.x and 4.x, ensure that Web Console is updated to a version that properly restricts the use of X-Forwarded-For headers. As a temporary workaround, consider restricting access to the `request.rb` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 5.4.2 GitLab Community Edition versions prior to 6.2.4 GitLab Enterprise Edition versions prior to 6.2.1 **Description** The issue allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls when using a MySQL backend. **Recommendations** For GitLab versions prior to 5.4.2, update to version 5.4.2 or later. For GitLab Community Edition versions prior to 6.2.4, update to version 6.2.4 or later. For GitLab Enterprise Edition versions prior to 6.2.1, update to version 6.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** sup versions prior to 0.13.2.1 sup versions 0.14.x prior to 0.14.1.1 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment. Multiple vulnerabilities in the sup-mail package of the Debian GNU/Linux operating system can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 0.13.2.1, update to version 0.13.2.1 or later. For versions 0.14.x prior to 0.14.1.1, update to version 0.14.1.1 or later. As a temporary workaround, consider restricting the handling of email attachments to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sup versions 0.13.2 and earlier, 0.14.x before 0.14.1.1 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `content type` of an email attachment. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely. **Recommendations** For Sup versions 0.13.2 and earlier, update to version 0.13.2.1 or later. For Sup versions 0.14.x before 0.14.1.1, update to version 0.14.1.1 or later. As a temporary workaround, consider restricting access to email attachments to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions 2.3.x through 3.2.x **Description** The issue allows remote attackers to conduct data-type injection attacks against Ruby on Rails applications. This is due to the Active Record component not ensuring that the declared data type of a database column is used during comparisons of input values to stored values in that column. The attack can be carried out via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database. **Recommendations** For versions 2.3.x through 3.2.x, update to a version that ensures the declared data type of a database column is used during comparisons of input values to stored values in that column. As a temporary workaround, consider restricting the use of the "typed XML" feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions prior to 2.3.17 Ruby on Rails versions 3.1.x prior to 3.1.11 Ruby on Rails versions 3.2.x prior to 3.2.12 **Description** The issue allows remote attackers to bypass the `attr protected` protection mechanism and modify protected model attributes via a crafted request. This enables attackers to manipulate attributes that should be protected, potentially leading to unauthorized data modifications. **Recommendations** For versions prior to 2.3.17, update to version 2.3.17 or later. For versions 3.1.x prior to 3.1.11, update to version 3.1.11 or later. For versions 3.2.x prior to 3.2.12, update to version 3.2.12 or later.

**Name of the Vulnerable Software and Affected Versions** Redmine versions 0.9.x through 1.0.4 **Description** The issue allows remote attackers to execute arbitrary commands via unknown vectors. **Recommendations** For versions 0.9.x through 1.0.4, update to version 1.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Redmine versions prior to 1.0.5 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Redmine versions 1.0.0 through 1.0.4 **Description** The issue allows remote authenticated users to obtain sensitive information via unknown vectors. **Recommendations** For versions 1.0.0 through 1.0.4, update to version 1.0.5 or later to resolve the issue.