Sev-Hack

**Name of the Vulnerable Software and Affected Versions** Engelsystem versions prior to the version containing commit ee7d30b33 **Description** Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. **Recommendations** For versions prior to the version containing commit ee7d30b33, ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.

**Name of the Vulnerable Software and Affected Versions** Engelsystem (affected versions not specified) **Description** Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker gains access to the user's account, the attacker's session is not terminated if the user's account password is reset. **Recommendations** Update installations to a version that includes the fix committed in `dbb089315ff3d`. As a temporary workaround, consider implementing additional security measures to monitor and terminate suspicious sessions. Restrict access to sensitive areas of the system until the update is applied. There are no known workarounds for this issue, so updating is the recommended course of action.