Linode Security Digest July 17-24, 2022


In this week's digest, we cover an account takeover vulnerability in Grafana 5.3, a path traversal vulnerability with possible privilege escalation in pyenv, and a denial-of-service vulnerability in Apache Tomcat.

Grafana Account Takeover using OAuth Vulnerability (CVE-2022-31107)

Grafana recently released versions 8.3.10, 8.4.10, 8.5.9, and 9.0.3 to mitigate a vulnerability related to its OAuth implementation. The vulnerability stems from the way that external and internal user accounts are linked together during login via OAuth.

In order to exploit the vulnerability, a malicious user must be authorized to log in to Grafana via OAuth, their username and email address must not already be associated with an account in Grafana, and they need to know the target user's username in Grafana. If these conditions are met, the malicious user can set their username to the same username in Grafana OAuth, and this allows them to log in as the target user without any further exploitation.

This vulnerability was scored 7.1 (High) on the CVSS 3.1 scale and it affects Grafana versions from 5.3 up to 9.0.3, 8.5.9, 8.4.10, and 8.3.10. Grafana developers urge their users to update Grafana 5.3 installations as soon as possible to mitigate the issue. As a workaround, it is possible to disable all OAuth login, or to ensure that every user authorized to log in via OAuth has a corresponding user account in Grafana linked to their email address.
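The account-linking problem described above, as an added example (a simplified model written for this digest, not Grafana's own code): a linker that falls back to matching the OAuth login name when no local account carries the OAuth email address lets an OAuth identity with the target's username land in the target's account, whereas a linker that only matches on email and refuses to create an account whose login collides with an existing one does not. The `audit_oauth_users_without_local_account` helper implements the workaround check (every OAuth-authorized user should already have a Grafana account tied to their email). All class and function names are assumptions made for the example.

```python
"""Model of OAuth-to-local account linking (added example, not Grafana code)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass
class LocalUser:
    user_id: int
    login: str
    email: str


@dataclass(frozen=True)
class OAuthIdentity:
    login: str   # username as presented by the OAuth provider
    email: str   # email as presented by the OAuth provider


class LinkRejected(Exception):
    """Raised when an OAuth identity cannot be safely mapped to a local user."""


def _same_email(a: str, b: str) -> bool:
    return a.strip().casefold() == b.strip().casefold()


class AccountLinker:
    """link_by_login_fallback=True models the unsafe behaviour the digest
    describes; False models the safe policy (email only, no login reuse)."""

    def __init__(self, users: Iterable[LocalUser], link_by_login_fallback: bool):
        self.users: Dict[int, LocalUser] = {u.user_id: u for u in users}
        self.link_by_login_fallback = link_by_login_fallback
        self._next_id = max(self.users, default=0) + 1

    def _by_email(self, email: str) -> Optional[LocalUser]:
        return next((u for u in self.users.values() if _same_email(u.email, email)), None)

    def _by_login(self, login: str) -> Optional[LocalUser]:
        return next((u for u in self.users.values() if u.login == login), None)

    def login(self, identity: OAuthIdentity) -> LocalUser:
        # 1. The intended link: the OAuth email already belongs to a local user.
        user = self._by_email(identity.email)
        if user is not None:
            return user
        # 2. Unsafe fallback: trust the OAuth-supplied login name alone.
        if self.link_by_login_fallback:
            user = self._by_login(identity.login)
            if user is not None:
                return user
        # 3. No email match: never reuse an existing login for a new identity.
        if self._by_login(identity.login) is not None:
            raise LinkRejected(f"login {identity.login!r} already exists with a different email")
        user = LocalUser(self._next_id, identity.login, identity.email)
        self.users[user.user_id] = user
        self._next_id += 1
        return user


def audit_oauth_users_without_local_account(
    oauth_users: Iterable[OAuthIdentity], users: Iterable[LocalUser]
) -> List[OAuthIdentity]:
    """Workaround check: OAuth-authorized users with no Grafana account linked
    to their email address (the precondition an attacker would need)."""
    local_emails = {u.email.strip().casefold() for u in users}
    return [o for o in oauth_users if o.email.strip().casefold() not in local_emails]


# Constructed sample data for the example.
LOCAL_USERS = [LocalUser(1, "admin", "admin@example.com"),
               LocalUser(2, "alice", "alice@example.com")]
OAUTH_ALLOWED = [OAuthIdentity("admin", "admin@example.com"),
                 OAuthIdentity("alice", "alice@example.com"),
                 OAuthIdentity("bob", "bob@example.com")]   # bob has no local account yet


def demo() -> dict:
    """Run both policies against an identity that reuses the 'admin' login."""
    impostor = OAuthIdentity("admin", "someone-else@example.com")
    vulnerable = AccountLinker(LOCAL_USERS, link_by_login_fallback=True)
    hardened = AccountLinker(LOCAL_USERS, link_by_login_fallback=False)
    result = {"vulnerable_maps_to": vulnerable.login(impostor).user_id}
    try:
        hardened.login(impostor)
        result["hardened_rejects"] = False
    except LinkRejected:
        result["hardened_rejects"] = True
    result["missing_local_accounts"] = [
        o.login for o in audit_oauth_users_without_local_account(OAUTH_ALLOWED, LOCAL_USERS)]
    return result


if __name__ == "__main__":
    print(demo())
```

The audit list is the actionable part for operators who cannot upgrade immediately: any OAuth-authorized user it reports should get a pre-created Grafana account tied to their email, or OAuth login should be disabled until the upgrade.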

Path Traversal Vulnerability in pyenv (CVE-2022-35861)

A relative path traversal vulnerability was recently patched in pyenv, which could allow local users to gain privileges on a system. This vulnerability affects pyenv versions 1.2.24 through 2.3.2. It scored 7.8 (High) on the CVSS 3.1 scale.

To provide more context on the vulnerability, "shims" are lightweight executables that simply pass your command along to pyenv for execution.

Using this vulnerability, an attacker can craft a Python version string in .python-version to execute shims under their control. The vulnerability is caused by a missing validation check on the version string provided in the .python-version file. The contents of this file are used to construct the path to the commands that need to be executed. By manipulating the value inside the file, relative path traversal can occur, which allows local users to gain privileges via a .python-version file in the current working directory.
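The missing check described above, as an added example (written for this digest in Python; pyenv itself is a shell project and this is not its code): version names read from a .python-version file are validated against an allow-list before being joined onto the versions directory, and the resulting path is checked to still lie under that directory, so a value containing `..` or separators can no longer select an executable outside the versions root. The regex, the `/opt/pyenv/versions` root, and the function names are assumptions made for the example.

```python
"""Validate .python-version contents before building a shim target path
(added example modelling the check the digest says pyenv lacked)."""
import os
import re
from typing import List

# Allow-list for a version name such as "3.10.4", "pypy3.9-7.3.9" or "system".
# Assumption for the example: alphanumerics, dots, underscores, plus and dashes,
# no path separators, and it must not start with a dot (rules out "." and "..").
VERSION_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]*$")


class UnsafeVersionError(ValueError):
    """A .python-version entry that could escape the versions directory."""


def is_safe_version_name(name: str) -> bool:
    """True only for names that are a single, well-formed path component."""
    return bool(VERSION_NAME_RE.match(name)) and name not in (".", "..")


def parse_python_version_file(contents: str) -> List[str]:
    """Return the version names in a .python-version file (one per line;
    blank lines and '#' comments ignored), rejecting unsafe entries."""
    names = []
    for raw in contents.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not is_safe_version_name(line):
            raise UnsafeVersionError(f"rejecting version entry {line!r}")
        names.append(line)
    return names


def resolve_version_dir(versions_root: str, name: str) -> str:
    """Join the name onto the versions root and verify containment lexically,
    so even a name that slipped past the allow-list cannot walk upwards."""
    root = os.path.normpath(versions_root)
    candidate = os.path.normpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root or candidate == root:
        raise UnsafeVersionError(f"{candidate!r} is outside {root!r}")
    return candidate


def shim_target(versions_root: str, python_version_contents: str, command: str) -> str:
    """Path of the executable a shim would hand off to for the first listed
    version, e.g. <root>/3.10.4/bin/python."""
    if not re.fullmatch(r"[A-Za-z0-9._+-]+", command):
        raise UnsafeVersionError(f"rejecting command name {command!r}")
    first = parse_python_version_file(python_version_contents)[0]
    return os.path.join(resolve_version_dir(versions_root, first), "bin", command)


if __name__ == "__main__":
    # Constructed sample contents: a normal file and a traversal attempt.
    print(shim_target("/opt/pyenv/versions", "3.10.4\n", "python"))
    try:
        shim_target("/opt/pyenv/versions", "../../tmp/evil\n", "python")
    except UnsafeVersionError as exc:
        print("blocked:", exc)
```

Validating the entry and checking containment of the joined path are independent layers; the second catches mistakes in the first (a loosened regex, a future feature that accepts new characters) without depending on it.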

Apache Tomcat Denial of Service (CVE-2022-29885)

Apache Tomcat is free and open source software that provides a "pure Java" HTTP web server environment in which Java code can run. Tomcat also allows its users to create clusters of servers for availability and load balancing purposes.

This vulnerability in Tomcat's clustering function was initially reported on April 17, 2022. The flaw described a mistake in the documentation which overstated the security provided by the EncryptInterceptor. Since the impact was Low and a patch would not directly improve the security posture of Apache Tomcat, the flaw was marked as "won't fix".

While the component that caused the vulnerability (EncryptInterceptor) provided confidentiality and integrity protection, it did not protect against all risks associated with running over an untrusted network, specifically DoS risks. To read more about how DoS can be achieved, you may refer to the article written by Cristian Giustini.

Apache recommends that its users update to version 9.0.63 to mitigate this issue.
