Scott Tolley

**Name of the Vulnerable Software and Affected Versions** CodeChecker versions prior to 6.27.4 **Description** An authentication bypass exists in CodeChecker, an analyzer tooling, defect database, and viewer extension for the Clang Static Analyzer and Clang Tidy. The issue occurs when the URL ends with Authentication in conjunction with certain function calls, allowing an attacker to assign arbitrary permissions to any existing user. **Recommendations** Update to a version newer than 6.27.3.

**Name of the Vulnerable Software and Affected Versions** Forgejo versions prior to 13.0.2 Forgejo version 11.0.7 and later **Description** The software contains a flaw related to the handling of symlinks within template repositories. This mishandling could allow attackers to write to unintended files, potentially gaining server shell access. The issue stems from out-of-repository symlink destinations. The vulnerability enables unauthorized file write through symlink traversal in template repositories, potentially leading to remote code execution. **Recommendations** Forgejo versions prior to 13.0.2 should be updated to version 13.0.2 or later. Forgejo version 11 LTS should be updated to version 11.0.7 or later.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A blind SQL injection exists in the logout functionality, allowing unauthenticated attackers to exploit it. Using a time-based blind SQLi technique, an attacker can disclose all database contents. This could potentially lead to account takeover, depending on the presence or lack of certain entries in database tables. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LogicalDOC Enterprise (affected versions not specified) Description: The issue is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the issue. Although stealing the session cookie is not possible due to cookie security flags, the XSS may be used to induce a victim to perform on-site requests without their knowledge. Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GOautodial versions prior to commit 3c3a979 **Description** The issue allows an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. This is possible because the `action` parameter is not sanitized, permitting the execution of arbitrary PHP files. **Recommendations** For versions prior to commit 3c3a979, update to a version that includes the commit 3c3a979 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive PHP files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GOautodial versions prior to commit 3c3a979 **Description** The issue concerns incorrect validation of the `username` and `password` parameters in the API router, allowing for successful authentication with any specified values. **Recommendations** For versions prior to commit 3c3a979, update to a version that includes the fix made on October 13th, 2021, or later. As a temporary workaround, consider restricting access to the API router to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 5.8.5 **Description** The Bulk Modifications functionality is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries. **Recommendations** For Nagios XI versions prior to 5.8.5, update to version 5.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Bulk Modifications functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 5.8.4 **Description** The general user interface is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload. **Recommendations** For Nagios XI versions prior to 5.8.4, update to version 5.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the user interface to minimize the risk of exploitation. Avoid accessing suspicious or untrusted URLs while authenticated to the Nagios XI interface until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NagVis versions prior to 1.9.29 **Description** The Manage Backgrounds functionality within NagVis is vulnerable to an authenticated path traversal vulnerability. This vulnerability allows a malicious actor to arbitrarily delete files on the local system. **Recommendations** For NagVis versions prior to 1.9.29, update to version 1.9.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manage Backgrounds functionality until a patch is available.