Justlife4X4

Name of the Vulnerable Software and Affected Versions Convoy versions 3.9.0-beta through 4.5.0 Description Convoy, a KVM server management panel, had a flaw in the JWTService::decode() method where the cryptographic signature of JWT tokens was not verified. The validation process lacked the SignedWith constraint, allowing attackers to forge or modify JWT token payloads, specifically the `user uuid` claim, without invalidating the token as long as time-based claims were valid. This impacted the SSO authentication flow, enabling an attacker to authenticate as any user by crafting a token with an arbitrary `user uuid`. Recommendations Update Convoy to version 4.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Magento Long Term Support (LTS) versions prior to 20.12.3 Magento Long Term Support (LTS) versions prior to 20.13.1 **Description** The issue allows script execution in the admin panel, potentially leading to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access. **Recommendations** For versions prior to 20.12.3, update to version 20.12.3 to resolve the issue. For versions prior to 20.13.1, update to version 20.13.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Magento-lts versions prior to 20.10.1 **Description** This issue affects the design/header/welcome, design/header/logo src, design/header/logo src small, and design/header/logo alt system configs, which are intended to enable admins to set a text or define an image URL. Due to previously missing escaping, it allowed input of arbitrary HTML and, as a consequence, arbitrary JavaScript. This could be an issue in scenarios where users work with more restrictive roles in the backend, potentially leading to unintended privilege escalation. **Recommendations** For versions prior to 20.10.1, upgrade to Version 20.10.1 or higher to patch the issue. As a temporary workaround, consider restricting access to the System Configs. Check templates where these settings are used to apply proper HTML filtering. For users relying on the ability to use HTML in these settings, restore the previous behavior by using the new introduced `->getUnescapedValue()` method on escaped elements, and review the newly introduced `Mage Core Model Security HtmlEscapedString`.