Apache: Security Vulnerabilities
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
CVSS Score
5.7
EPSS Score
0.002
Published
2023-12-13
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
CVSS Score
9.8
EPSS Score
0.937
Published
2023-12-07
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied.
Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-12-05
Pre-auth RCE in Apache Ofbiz 18.12.09.
It's due to XML-RPC no longer maintained still present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10
CVSS Score
9.8
EPSS Score
0.94
Published
2023-12-05
** UNSUPPORTED WHEN ASSIGNED **
The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.
This issue affects Apache Tiles from version 2 onwards.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-11-30
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.
Users are recommended to upgrade to version 2.3.0, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-11-30
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability
CVSS Score
6.5
EPSS Score
0.003
Published
2023-11-30
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.
Users are recommended to upgrade to version 2.3.0, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-11-30
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.
This issue affects Apache Superset: before 3.0.0
CVSS Score
5.8
EPSS Score
0.002
Published
2023-11-28
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.
This issue affects Apache Superset before 3.0.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-11-28