Pedro Sampaio

**Name of the Vulnerable Software and Affected Versions** OpenStack versions 16.1 through 17.0 **Description** A vulnerability in the stack abandon command could expose sensitive information. **Recommendations** For versions 16.1 through 17.0, upgrade to version 22.0.2 to maintain data security.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG (affected versions not specified) **Description** A flaw in OpenJPEG can cause a resource exhaustion in the `opj t1 decode cblks` function in tcd.c through a crafted image file, leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GTK versions prior to the fixed version **Description** A flaw was found in the GTK library, allowing for library injection from the current working directory under certain conditions. This could potentially enable an attacker to elevate their privileges. The issue is related to incorrect code generation management. **Recommendations** For GTK versions prior to the fixed version, consider restricting access to the current working directory to minimize the risk of library injection until a patch is available. As a temporary workaround, avoid using the vulnerable library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Satellite foreman-installer (affected versions not specified) **Description** The issue is related to insufficient protection of service data in the foreman-installer component of Red Hat Satellite. It allows an attacker to obtain a password from the process list when the `puppet-candlepin` is invoked with the `cpdb` command and the `--password` parameter. This can be exploited by an attacker to gain unauthorized access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: github.com/containers/image (affected versions not specified) Description: A flaw was found in the github.com/containers/image library, related to incorrect integrity value checking. This issue allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sssd (affected versions not specified) **Description** A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. The exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 389-ds-base (affected versions not specified) **Description** A denial of service issue was found in the 389-ds-base ldap server, which may allow an authenticated user to cause a server crash while modifying the `userPassword` using malformed input. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc versions 2.36 and newer **Description** A heap-based buffer overflow was found in the vsyslog internal function of the glibc library. This function is called by the syslog and vsyslog functions. The issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This vulnerability allows attackers to elevate their privileges on Linux systems to root level. **Recommendations** For glibc versions 2.36 and newer, update to a patched version of glibc to resolve the issue. If a patched version is not available, consider disabling the vulnerable function vsyslog internal() as a temporary workaround. Restrict access to the syslog and vsyslog functions to minimize the risk of exploitation. Avoid using the ident argument set to NULL in the openlog function.

**Name of the Vulnerable Software and Affected Versions** sudo (affected versions not specified) **Description** A flaw was found in sudo in the handling of `ipa hostname`, where `ipa hostname` from `/etc/sssd/sssd.conf` was not propagated in sudo. This leads to a privilege mismanagement issue in applications, where client hosts retain privileges even after they have been retracted. The vulnerability may allow a remote attacker to bypass existing security restrictions and maintain privileges after they have been revoked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw was found in the Keycloak package, allowing an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. This flaw also enables an attacker to benefit from an LDAP query and access existing usernames in the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Undertow (affected versions not specified) **Description** A vulnerability in Undertow's ajp-listener component is related to uncontrolled resource consumption due to incorrect decoding of request path information. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak version 22.0.5 **Description** A log injection flaw was found in Keycloak, related to the WebAuthn authentication mode. This issue allows a text string to be injected through the authentication form, which may have a minor impact on the logs' integrity. The flaw is caused by errors in the browser client during setup or authentication with "Security Key login" (WebAuthn) being written into the form, sent to Keycloak, and logged without escaping, thus allowing log injection. **Recommendations** For Keycloak version 22.0.5, consider disabling the WebAuthn authentication mode until a patch is available to prevent potential log injection attacks. Restrict access to the authentication form to minimize the risk of exploitation. Avoid using the WebAuthn authentication mode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenShift API (affected versions not specified) **Description** A flaw was found in OpenShift API, as admission checks do not enforce `custom-host` permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quarkus (affected versions not specified) **Description** A flaw was found in Quarkus, where Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used. This can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. It is noted that passwords are not stored in access tokens. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** foreman (affected versions not specified) **Description** A sensitive information exposure issue was found in foreman, where the contents of tomcat's server.xml file are world readable. This file contains passwords to candlepin's keystore and truststore. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libnbd (affected versions not specified) **Description** A flaw was found in libnbd where a server can reply with a block size larger than 2^63, which is a 64-bit unsigned value according to the NBD spec. This issue could lead to an application crash or other unintended behavior for NBD clients that do not treat the return value of the `nbd get size()` function correctly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Binutils (affected versions not specified) **Description** A flaw was found in Binutils, where a logic fail in the `bfd init section decompress status` function may lead to the use of an uninitialized variable. This can cause a crash and local denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ghostscript versions (affected versions not specified) **Description** A flaw was found in ghostscript, related to a buffer overflow issue. This issue affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Candlepin (affected versions not specified) **Description** An improper access control flaw was found in Candlepin, allowing an attacker to create data scoped under another customer or tenant. This can result in loss of confidentiality and availability for the affected customer or tenant. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG (affected versions not specified) **Description** A flaw was found in OpenJPEG where maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. This issue might cause denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.