Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-fr6r-p8hv-x3c4: Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads

### Impact Via a manipulated API request it's possible to upload a file that doesn't adhere with the configured allowable file extensions. ### Patches Patched in 15.4.2 and 16.0.0. ### Workarounds None available.

ghsa
Open in Source
#vulnerability#auth
Feds Seize BidenCash Carding Market and Its Crypto Profits

After three years of peddling stolen data, BidenCash, one of the web's most brazen cybercrime hubs is offline, and authorities say they're just getting started.

ICE Quietly Scales Back Rules for Courthouse Raids

A requirement that ICE agents ensure courthouse arrests don’t clash with state and local laws has been rescinded by the agency. ICE declined to explain what that means for future enforcement.

GHSA-f3fg-mf2q-fj3f: NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies

**Overview** In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, __session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. **Am I Affected?** You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, 2. Applications using CDN or edge caching that caches responses with the Set-Cookie header. 3. If the Cache-Control header is not properly set for sensitive responses. **Fix** Upgrade auth0/nextjs-auth0 to v4.6.1.

GHSA-8vxj-4cph-c596: Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

## Summary It is possible to bypass Deno's read/write permission checks by using `ATTACH DATABASE` statement. ## PoC ```js // poc.js import { DatabaseSync } from "node:sqlite" const db = new DatabaseSync(":memory:"); db.exec("ATTACH DATABASE 'test.db' as test;"); db.exec("CREATE TABLE test.test (id INTEGER PRIMARY KEY, name TEXT);"); ``` ``` $ deno poc.js ```

GHSA-xqxc-x6p3-w683: Deno run with --allow-read and --deny-read flags results in allowed

### Summary `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. Same with all global unary permissions given as `--allow-* --deny-*`. ### Details Caused by the fast exit logic in #22894. ### PoC Run the above command expecting no permissions to be passed. ### Impact This only affects a nonsensical combination of flags, so there shouldn't be a real impact on the userbase.

GHSA-33p9-3p43-82vq: Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

## Impact On Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. ## Mitigations - upgrade to `jupyter_core>=5.8.1` (5.8.0 is patched but breaks `jupyter-server`) , or - as administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users, or - as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions, or - as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user) ## Credit Reported via Trend Micro Zero Day Initiative as ZDI-CAN-25932

GHSA-2x3r-hwv5-p32x: Deno's AES GCM authentication tags are not verified

### Summary This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit [0d1beed](https://github.com/denoland/deno/commit/0d1beed). Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. ### PoC ```ts import { Buffer } from "node:buffer"; import { createCipheriv, createDecipheriv, randomBytes, scrypt, } from "node:crypto"; type Encrypted = { salt: string; iv: string; enc: string; authTag: string; }; const deriveKey = (key: string, salt: Buffer) => new Promise<Buffer>((res...

GHSA-v9m8-9xxp-q492: Auth0-PHP SDK Deserialization of Untrusted Data vulnerability

**Overview** The Auth0 PHP SDK contains a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. **Am I Affected?** You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0-PHP SDK, versions between 8.0.0-BETA3 to 8.3.0. 2. Applications using the following SDKs that rely on the Auth0-PHP SDK versions between 8.0.0-BETA3 to 8.3.0: a. Auth0/symfony, b. Auth0/laravel-auth0, c. Auth0/wordpress. **Fix** Upgrade Auth0/Auth0-PHP to 8.3.1. **Acknowledgement** Okta would like to thank Andreas Forsblom for discovering this vulnerability.

Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs

Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.