Lsd-Cat

Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.14.1 Description: The issue lies in the code responsible for downloading replies in the SecureDrop Client. A malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machine (`sd-app`). The filename of the reply is obtained from the `Content-Disposition` HTTP header and used to write the encrypted reply on disk. Although filenames are generated and sanitized server-side, and files are downloaded in an encrypted format, a previously compromised SecureDrop Server could manipulate the HTTP response to exploit this issue. The vulnerability allows code execution by writing an autostart file in `/home/user/.config/autostart/`. As of the time of publication, there is no known evidence of exploitation in the wild. Recommendations: For SecureDrop Client versions prior to 0.14.1, update to version 0.14.1 to fix the issue. As a temporary workaround, consider restricting access to the `/home/user/.config/autostart/` directory to prevent potential code execution.

**Name of the Vulnerable Software and Affected Versions** Hush Line versions prior to 0.1.0 **Description** Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. **Recommendations** For versions prior to 0.1.0, update to version 0.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the Inbox feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Hush Line versions prior to 0.1.0 **Description** The Content Security Policy (CSP) applied on the `tips.hushline.app` website and bundled by default in the Hush Line repository is trivial to bypass. Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. **Recommendations** For versions prior to 0.1.0, update to version 0.1.0 to resolve the issue. As a temporary workaround, consider reviewing and reinforcing the CSP policy to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hush Line versions prior to 0.10 **Description** The issue concerns the TOTP authentication flow in Hush Line, which has multiple weaknesses that undermine its one-time nature. Specifically, the lack of 2FA for changing security settings allows an attacker with CSRF or XSS primitives to alter these settings without requiring user interaction or credentials. **Recommendations** For versions prior to 0.10, update to version 0.10 to resolve the issue.