Cybersecurity information flow

影响厂商:b'LinkedIn'(https://hackerone.com/linkedin) 

Taskhub version 2.8.8 suffers from a cross site scripting vulnerability.

Ubuntu Security Notice 6360-2 - USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ftrace-based Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64. It hides files, hides process, hides a bind shell and reverse shell port, provides privilege escalation, and cleans up logs and bash history during installation.

BDS Freebsd KLD rootkit for FreeBSD 13 that hides files, hides processes, hides ports, and has a bind shell backdoor.

Elasticsearch version 8.5.3 stack overflow proof of concept exploit.

Red Hat Security Advisory 2023-5337-01 - A security update for Camel K 1.10.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice 6395-1 - Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information.

Ubuntu Security Notice 6394-1 - It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

chsrc 全平台命令行换源工具

Java静态分析框架Tai-e的简单使用 https://y4er.com/posts/simple-use-of-the-java-static-analysis-framework-tai-e/
代码审计 | 不安全的路径检查 https://mp.weixin.qq.com/s/R_HPQ8LwilBPPyOD-YpIog
LLMs支持的通用fuzzing https://mp.weixin.qq.com/s/tEM4k15x1pFAwhHjkDJsEA
如何从大模型萃取敏感训练数据 https://mp.weixin.qq.com/s/gZZfuuQ_d6ISt9GQDNRNGA

최근에 ZAP에 재미있는 Addon이 추가됬습니다. GSoC(Google Summer of Code) 2023의 결과물로 BurpSuite의 Navigation Recorder와 비슷해보이는 기능으로 릴리즈 직후부터 틈틈히 가지고 놀아본 결과 다른 의미로 가능성이 보이는 Addon이란 생각이 들었습니다. 오늘은 바로 Client Side Integration Addon에 대한 이야기를 하려고 합니다. Client Side Integration Addon 서론에서 언급한대로 Client Side Integration Addon은 브라우저와 ZAP 간의 상호작용을 돕는 Addon입니다. 기본적으로 브라우저에서의 동작을 기억하고 Zest Script로 변환해서 만들어주는 기능을 가지고 있습니다. Zest는 자동화된 보안 테스팅을 위한 JSON 기반의 언어입니다. Zest에 대한 자세한 내용은 Cullinan > Zest 문서를 참고해주세요. Installation pre-configured browser Client Side Integration Addon은 현재 ZAP Marketplace에 올라와 있고, ZAP 내부에서 쉽게 설치할 수 있습니다. Chrome과 Firefox 모두 지원합니다. 다만 Firefox의 권한 문제로 인해 설정 정보가 저장되지 않습니다. 그래서 저는 아래 방법으로 환경을 구성했습니다. Common firefox 간단한 방법은 Firefox의 addon 파일인 xpi를 통해 직접 설치하는 방법입니다. pre-configured browser에 설치하는 방버을 사용했다면 아래 디렉토리에 Addon 파일이 존재합니다. 여기서 xpi는 Firefox의 설치 확장자로 zap_browser_extension.xpi 파일을 별도로 Firefox에 설치해주면 pre-configured browser와 동일하게 동작합니다. ~/Library/Application Support/ZAP/selenium/extensions # eval_villain-latest-fx.xpi # zap_browser_

我们知道，在Python里面，要把JSON转成字典是非常容易的，只需要使用json.loads(JSON字符串)就可以了。
但如果这个JSON转成的字典，嵌套比较深，那么要读取里面的数据就非常麻烦了。如下图所示：
如果我要读取把图中的end减去start字段，那么用字典的时候，代码要写成这样：
1

result = info['data'][0]['entities']['annotations'][0]['end'] - info['data'][0]['entities']['annotations'][0]['start']

光是看到这些方括号和单引号，就够让人头晕了。
但如果改成下面这样，看起来就清爽多了：
1

result = info.data[0].entities.annotations[0].end - info.data[0].entities.annotations[0].start

那么如何快速把一个嵌套很深的字典转换为对象呢？其实非常简单，使用Python自带的SimpleNamespace就可以了。
使用SimpleNamespace可以快速创建一个空对象，并设置它的属性，用法如下：
1
2
3
4
5

from types import SimpleNamespace

ins = SimpleNamespace(aa=1, bb=2, cc=3)

print(ins.bb)

运行效果如下图所示：
基于字典创建也非常简单：
1
2
3
4
5
6
7

from types import SimpleNamespace


data = {'aa': 1, 'bb': 2, 'cc': 3}
ins = SimpleNamespace(**data)

print(ins.bb)


对于深层嵌套的JSON字符串，我们在使用json.loads时，额外设置一个参数：object_hook，就可以实现递归式转换内层字典：
1

x = json.loads(JSON字符串, object_hook=lambda d: SimpleNamespace(**d))

如下图所示：
关于参数object_hook的具体用法，大家可以看官方文档

影响厂商:b'Nord Security'(https://hackerone.com/nordsecurity) 

有新的漏洞组件被发现啦,组件ID:RoundCube
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

有新的漏洞组件被发现啦,组件ID:F5
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”

有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.

有新的漏洞组件被发现啦,组件ID:Jenkins
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.

有新的漏洞组件被发现啦,组件ID:Jenkins
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

有新的漏洞组件被发现啦,组件ID:Jenkins
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.