Matt Hamilton

**Name of the Vulnerable Software and Affected Versions** Keycloak versions prior to 11.0.1 **Description** The issue is related to a denial of service (DoS) attack, which can be initiated remotely. It is caused by sending requests with a Content-Length header value that exceeds the actual byte count of the request body, potentially leading to unlimited memory allocation. This can allow an attacker to cause a service disruption. The estimated number of potentially affected devices is not specified. **Recommendations** For versions prior to 11.0.1, update to version 11.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Keycloak server to minimize the risk of exploitation. Avoid sending requests with a Content-Length header value that exceeds the actual byte count of the request body until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Argo CD versions 1.5.0 through 1.8.0 **Description** The default admin password is set to the argocd-server pod name, which could be abused for privilege escalation by insiders with access to the cluster or logs, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere. **Recommendations** For versions 1.5.0 through 1.8.0, use SSO integration as a mitigation measure. The default admin password should only be used for initial configuration and then disabled or at least changed to a more secure password. Consider disabling the default admin user or changing its password to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ConnectWise Control versions 19.3.25270.7185 **Description** An issue was discovered that allows Cross-Site Request Forgery (CSRF) to be used to send API requests. **Recommendations** For version 19.3.25270.7185, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ConnectWise Control versions 19.3.25270.7185 **Description** An issue in ConnectWise Control allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server. **Recommendations** For version 19.3.25270.7185, consider restricting access to the extension upload feature to prevent potential exploitation until a fix is available. As a temporary workaround, limit administrative user privileges to minimize the risk of uploading malicious ZIP files.

**Name of the Vulnerable Software and Affected Versions** ConnectWise Control version 19.3.25270.7185 **Description** An issue was discovered where certain HTTP security headers are not used, which could potentially lead to security risks. **Recommendations** For ConnectWise Control version 19.3.25270.7185, consider configuring the server to include the missing HTTP security headers to enhance security. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ConnectWise Control versions 19.3.25270.7185 **Description** An issue was discovered that allows an unauthenticated attacker to determine with certainty if an account exists for a given username, due to a user enumeration vulnerability. **Recommendations** For version 19.3.25270.7185, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ConnectWise Control versions 19.3.25270.7185 **Description** A CORS misconfiguration issue allows JavaScript running on any domain to interact with the server APIs, enabling administrative actions without the victim's knowledge. This is due to the server reflecting the Origin provided by incoming requests. **Recommendations** For ConnectWise Control version 19.3.25270.7185, consider restricting access to the server APIs to prevent unauthorized administrative actions until a fix is available. As a temporary workaround, review and adjust the CORS configuration to properly validate and handle incoming requests.

**Name of the Vulnerable Software and Affected Versions** ConnectWise Control version 19.3.25270.7185 **Description** An issue was discovered in ConnectWise Control, where there is stored XSS in the Appearance modifier. **Recommendations** For version 19.3.25270.7185, update to a newer version that contains a fix for this issue, as using an outdated version may pose a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Home Assistant versions prior to 0.67.0 **Description** The issue allows an unauthenticated attacker to read the application's error log via the `components/api.py` component. **Recommendations** For versions prior to 0.67.0, update to version 0.67.0 or later to resolve the issue.