Kai Zhao

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions 0.9.0 through 0.10.x **Description** The issue is related to improper input validation, allowing attackers to access files in the filesystem by adding relative path indicators (e.g `..`). This enables them to see the contents of any files that the server account can access. **Recommendations** For Apache Zeppelin versions 0.9.0 through 0.10.x, upgrade to version 0.11.0 to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow Drill Provider versions prior to 2.3.2 **Description** The issue is related to improper input validation in the Apache Airflow Drill Provider. This can allow a remote attacker to impact the confidentiality of protected information. The vulnerability is due to the host passed in the drill connection not being sanitized. **Recommendations** For versions prior to 2.3.2, update to version 2.3.2 or later to resolve the issue. As a temporary workaround, consider sanitizing the host input in the drill connection to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions 0.9.0 and prior versions **Description** The issue is related to improper Input Validation in the "Move folder to Trash" feature of Apache Zeppelin, allowing an attacker to delete arbitrary files. **Recommendations** For Apache Zeppelin versions 0.9.0 and prior, consider disabling the "Move folder to Trash" feature until a patch is available to prevent arbitrary file deletion.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions 2.2.4 through 2.3.3 **Description** The issue concerns the `database` webserver session backend, which was susceptible to session fixation. This means an attacker could potentially fixate a session ID on a user's browser, allowing them to access the user's session after the user has authenticated. **Recommendations** For Apache Airflow versions 2.2.4 through 2.3.3, consider disabling the `database` webserver session backend as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow Docker's Provider versions prior to 3.0.0 **Description** The issue is related to an example DAG in Apache Airflow Docker's Provider that is vulnerable to authenticated remote code exploit on the Airflow worker host. **Recommendations** For versions prior to 3.0.0, disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access and Identity Manager (affected versions not specified) **Description** The issue is related to a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. This vulnerability is associated with inadequate access control on the VMware Workspace ONE Access administration platform. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crafter Studio of Crafter CMS (affected versions not specified) **Description** The issue allows authenticated developers to execute OS commands via FreeMarker static methods. This is due to an improper control of dynamically-managed code resources vulnerability in Crafter Studio of Crafter CMS. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.2.4 **Description** The issue arises from some example DAGs in Apache Airflow not properly sanitizing user-provided params, making them susceptible to OS Command Injection from the web UI. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the web UI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue allows authenticated administrators to modify the main YAML configuration file, which can lead to loading a Java class and resulting in remote code execution (RCE). This means an attacker with administrative access could potentially execute arbitrary code on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Spring (affected versions not specified) **Description** The issue allows authenticated users with Administrator or Developer roles to execute OS commands remotely by exploiting the SPEL Expression in Spring beans, which lacks security restrictions. This can lead to remote code execution (RCE). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Atlassian Confluence versions prior to 7.4.11 Atlassian Confluence versions 7.3.0 through 7.3.6 Atlassian Confluence versions 7.0.0 through 7.0.14 Atlassian Confluence versions 6.13.0 through 6.15.9 **Description** The issue allows authenticated users with Administrator or Developer roles to execute OS commands by Groovy Script, which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely. **Recommendations** For versions prior to 7.4.11, update to version 7.4.11 or later. For versions 7.3.0 through 7.3.6, update to version 7.3.7 or later. For versions 7.0.0 through 7.0.14, update to version 7.0.15 or later. For versions 6.13.0 through 6.15.9, update to version 6.15.10 or later.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue allows authenticated users with Site roles to inject XSS scripts via file names. These scripts will execute in the browser for the same user and other users of the same site. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The issue allows authenticated administrators to override the system configuration file, which can cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crafter CMS versions prior to 3.0.27 Crafter CMS versions prior to 3.1.7 **Description** The issue is related to improper control of dynamically-managed code resources in Crafter Studio, allowing authenticated developers to execute OS commands via Groovy scripting. **Recommendations** For versions prior to 3.0.27, update to version 3.0.27 or later. For versions prior to 3.1.7, update to version 3.1.7 or later.

**Name of the Vulnerable Software and Affected Versions** HedEx Lite versions earlier than V200R006C00SPC007 **Description** The issue is related to a reflection XSS vulnerability in HedEx products, where remote attackers can send malicious links to users, tricking them into clicking, which can initiate XSS attacks. The vulnerability is also described as being related to the failure to protect the web page structure, allowing a remote attacker to perform cross-site scripting attacks using a malicious link. **Recommendations** For HedEx Lite versions earlier than V200R006C00SPC007, update to version V200R006C00SPC007 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or links to minimize the risk of exploitation. Avoid using links from untrusted sources in the affected HedEx Lite versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! Core versions 3.0.0 through 3.8.7 **Description** The issue is related to inadequate input filtering, which leads to multiple XSS vulnerabilities. The default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack. **Recommendations** For versions 3.0.0 through 3.8.7, update to version 3.8.8 or later to resolve the issue. As a temporary workaround, consider restricting the default Administrator user group privileges to minimize the risk of exploitation. Additionally, review and adjust the input filtering settings to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 11.1 **Description** An issue in Safari allows remote attackers to spoof the address bar via a crafted web site, involving the "Safari" component. **Recommendations** For versions prior to 11.1, update to version 11.1 or later to resolve the issue.