Lukas Braune

**Name of the Vulnerable Software and Affected Versions** Atlassian Jira versions 3.1.0 through 3.2.2 Atlassian Confluence versions 3.1.0 through 3.2.2 Atlassian Bitbucket versions 2.4.0 through 3.0.3 Atlassian Bamboo versions 2.4.0 through 2.5.2 **Description** The issue affects the SAML Single Sign On (SSO) plugin, allowing locally disabled users to reactivate their accounts by browsing the affected instance. This can occur even when the "Reactivate inactive users" configuration option is disabled. Exploitation requires authorization by the identity provider and the "User Update Method" to be set to "Update from SAML Attributes". **Recommendations** For Atlassian Jira versions 3.1.0 through 3.2.2, update the SAML SSO plugin configuration to prevent reactivation of inactive users. For Atlassian Confluence versions 3.1.0 through 3.2.2, update the SAML SSO plugin configuration to prevent reactivation of inactive users. For Atlassian Bitbucket versions 2.4.0 through 3.0.3, update the SAML SSO plugin configuration to prevent reactivation of inactive users. For Atlassian Bamboo versions 2.4.0 through 2.5.2, update the SAML SSO plugin configuration to prevent reactivation of inactive users. As a temporary workaround, consider disabling the `User Update Method` set to `Update from SAML Attributes` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 9.0.0.M1 through 9.0.29 Apache Tomcat versions 8.5.0 through 8.5.49 Apache Tomcat versions 7.0.0 through 7.0.98 **Description** The issue is related to a session fixation attack when using FORM authentication. An attacker could potentially exploit this to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. The window for exploitation is considered narrow, but the issue is treated as a security concern. **Recommendations** For Apache Tomcat versions 9.0.0.M1 through 9.0.29, update to a version outside of this range to mitigate the risk. For Apache Tomcat versions 8.5.0 through 8.5.49, update to a version outside of this range to mitigate the risk. For Apache Tomcat versions 7.0.0 through 7.0.98, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to FORM authentication until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Redis versions 3.x before 3.2.13 Redis versions 4.x before 4.0.14 Redis versions 5.x before 5.0.4 **Description** The issue is related to a stack-buffer overflow vulnerability in the Redis hyperloglog data structure. It occurs when the SETRANGE command corrupts the hyperloglog data structure, allowing an attacker to add up to 12 bytes of information past the end of a stack-allocated buffer. This can be exploited by a remote attacker to compromise data integrity, gain unauthorized access to sensitive information, and cause a denial of service. **Recommendations** For Redis versions 3.x before 3.2.13, update to version 3.2.13 or later. For Redis versions 4.x before 4.0.14, update to version 4.0.14 or later. For Redis versions 5.x before 5.0.4, update to version 5.0.4 or later. As a temporary workaround, consider restricting the use of the SETRANGE command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SQLite3 versions 3.6.0 through 3.27.2 **Description** The issue is related to a heap out-of-bound read in the `rtreenode()` function when handling invalid rtree tables. This can potentially allow a remote attacker to cause a denial of service, execute arbitrary code, or disclose protected information. **Recommendations** For SQLite3 versions 3.6.0 through 3.27.2, consider updating to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the fixed version **Description** The issue is related to a use-after-free error in the ALSA /dev/snd/seq driver of the Linux kernel. It may allow an attacker to impact the confidentiality, integrity, and availability of protected information. A buffer overflow can occur via an SNDRV SEQ IOCTL SET CLIENT POOL ioctl write operation to /dev/snd/seq by a local user. **Recommendations** For Linux kernel versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the /dev/snd/seq device to minimize the risk of exploitation.