Digest of vulnerabilities for the past two months of summer

Greetings to you!

My name is Anastasia Travkina, I am a junior analyst at Webmonitorex. Together with the detection department, we have prepared a digest of vulnerabilities for the past two months of summer. This information will help you secure your systems and prevent potential threats.

Vulnerability monitoring helps to identify and eliminate potential threats in a timely manner. Regular system audits, software updates, and employee training will help to create reliable protection against potential attacks. Remember: security is not an end goal, but an ongoing process!

We would like to draw your attention to the following vulnerabilities:

⚡️ Zabbix Audit Log CVE-2024-22120

⚡️ Git CVE-2024-32002

⚡️ WordPress PostX Plugin CVE-2024-5326

⚡️ Atlassian Confluence Data Server and Data Center CVE-2024-21683

⚡️ JetBrains TeamCity CVE-2024-36370

⚡️ PHP CVE-2024-4577

⚡️ Mailcow CVE-2024-31204 / CVE-2024-30270

⚡️ Adobe Commerce/Magento CVE-2024-34102

⚡️ Docassemble – CVE-2024-27292

⚡️ Microsoft SharePoint Server 2019 – CVE-2024-38094 / CVE-2024-38023 / CVE-2024-38024

These vulnerabilities span a wide range of technologies and platforms, and each requires timely mitigation of potential threats. Carefully review the description of each vulnerability and follow the update recommendations to protect your systems.

Zabbix Audit Log CVE-2024-22120

Insufficient input validation has been discovered that leads to SQL injection.

Affected versions: 6.0.0-6.0.27, 6.4.0-6.4.12, 7.0.0alpha1-7.0.0beta1.

Recommendation: Upgrade Zabbix to a secure version to protect against SQL injections.

Git CVE-2024-32002

A vulnerability has been discovered in how Git handles symlinks in combination with hooks. Exploitation of this vulnerability leads to remote code execution (RCE).

Fix: git config --global core.symlinks false

Recommendation: Configure Git with git config --global core.symlinks false to prevent RCE via hooks.

WordPress PostX Plugin CVE-2024-5326

A vulnerability with a CVSS score of 8.8 was found in all versions of the plugin up to and including 4.1.2.

Problem: The plugin does not check access rights before changing data, which allows authorized users to change site-wide settings, including setting the “Administrator” role for new users.

Recommendation: Update the plugin to the latest version and restrict access to settings.

Atlassian Confluence Data Server and Data Center CVE-2024-21683

Affected versions: 8.9.0, 8.8.0 – 8.8.1, 8.7.1 – 8.7.2, 8.6.0 – 8.6.2, 8.5.0 – 8.5.8 (LTS), 8.4.0 – 8.4.5, 8.3.0 – 8.3.4, 8.2.0 – 8.2.3, 8.1.0 – 8.1.4, 8.0.0 – 8.0.4, 7.20.0 – 7.20.3, 7.19.0 – 7.19.21.

Problem: A code vulnerability that allows an authorized user to execute malicious code (RCE).

Recommendation: Install the latest security updates.
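To check an asset inventory against the affected ranges listed above, the following added example (not code from Atlassian or Webmonitorex) parses the list and compares versions numerically. The host names and installed versions in INVENTORY are constructed sample data.

```python
import re

# Affected Confluence ranges for CVE-2024-21683, copied from the list above.
AFFECTED = """8.9.0, 8.8.0 – 8.8.1, 8.7.1 – 8.7.2, 8.6.0 – 8.6.2, 8.5.0 – 8.5.8 (LTS),
8.4.0 – 8.4.5, 8.3.0 – 8.3.4, 8.2.0 – 8.2.3, 8.1.0 – 8.1.4, 8.0.0 – 8.0.4,
7.20.0 – 7.20.3, 7.19.0 – 7.19.21"""

# Constructed inventory: host names and versions are sample data.
INVENTORY = {
    "wiki-prod": "8.5.8",
    "wiki-test": "8.7.0",
    "wiki-legacy": "7.19.21",
    "wiki-new": "8.9.1",
    "wiki-old": "7.19.3",
}

def parse_version(text):
    """Turn '8.5.8' into (8, 5, 8) so versions compare numerically, not as strings."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    numbers = [int(p) for p in parts]
    numbers += [0] * (3 - len(numbers))  # pad '8.5' to (8, 5, 0)
    return tuple(numbers)

def parse_ranges(spec):
    """Parse 'a – b, c, ...' into a list of inclusive (low, high) version tuples."""
    ranges = []
    for item in spec.split(","):
        item = re.sub(r"\(.*?\)", "", item).strip()  # drop notes such as "(LTS)"
        bounds = re.split(r"\s*[–-]\s*", item)
        ranges.append((parse_version(bounds[0]), parse_version(bounds[-1])))
    return ranges

def is_affected(version, ranges):
    v = parse_version(version)
    return any(low <= v <= high for low, high in ranges)

def affected_hosts(inventory, ranges):
    """Return the sorted names of hosts whose version falls in a listed range."""
    return sorted(h for h, v in inventory.items() if is_affected(v, ranges))

if __name__ == "__main__":
    for host in affected_hosts(INVENTORY, parse_ranges(AFFECTED)):
        print(f"{host}: {INVENTORY[host]} is in an affected range")
```

A version that falls outside every listed range is only "not listed", which is not the same as patched.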

JetBrains TeamCity CVE-2024-36370

Affected versions: up to 2022.04.7, 2022.10.0 – 2022.10.6, 2023.05.0 – 2023.05.6, 2023.11.0 – 2023.11.5.

Problem: A vulnerability in the CI/CD process when using the OAuth protocol allows cross-site scripting (XSS) attacks.

Recommendation: Perform an analysis and update the system.

PHP CVE-2024-4577 (CVE-2012-1823)

This vulnerability revisits a previously fixed, known issue (CVE-2012-1823).

Problem: When using php-cgi on Windows with certain encodings (GB2312, shift_jis, etc.), the equal sign is interpreted incorrectly, allowing query parameters to be passed as command line arguments, resulting in remote code execution (RCE).

Recommendation: Check your settings and update the components you are using.

Mailcow (versions before 2024-04) CVE-2024-31204

A vulnerability in Mailcow: error information is not properly sanitized when it is saved, which allows XSS through malicious code injected into the admin panel.

Mailcow (versions before 2024-04) CVE-2024-30270

A vulnerability in Mailcow that combines path traversal and code execution and involves the rspamd_maps() function.

Adobe Commerce/Magento CVE-2024-34102

A critical vulnerability has been discovered in Adobe Commerce and Magento – CVE-2024-34102, with a CVSS score of 9.8, which allows an attacker to remotely execute arbitrary code on the server. The issue is a pre-authentication XML external entity (XXE) injection.

This vulnerability allows an attacker to exfiltrate the app/etc/env.php file, which contains the cryptographic key for signing JWTs used for authentication. As a result, an attacker can create an admin JWT and gain full access to your Magento API. This poses a serious risk to the security of your data and infrastructure.

CVE-2024-34102 affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier.

Critical vulnerability in Docassemble – CVE-2024-27292

An unauthenticated path traversal vulnerability exposes sensitive files and secrets, potentially leading to privilege escalation and template injection, allowing remote code execution. The vulnerability affects Docassemble versions 1.4.53 through 1.4.96.

This vulnerability allows attackers to gain unauthorized access to information on the system by manipulating URLs. This can lead to data leakage, disclosure of sensitive information, and providing attackers with access to important resources that can be used for further attacks.

A proof-of-concept exploit is available on GitHub and is already being used by attackers. They can read sensitive information from arbitrary files on the server, which poses a serious risk to data security.

The fix is available in Docassemble 1.4.97. If an immediate upgrade is not possible, consider implementing additional access controls, input validation, and URL sanitization. Monitor system logs for suspicious URL access attempts and restrict system access to trusted users.
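One way to implement the log monitoring recommended above, as an added example that is not Docassemble or Webmonitorex code: it scans web access log lines for traversal sequences and absolute filesystem paths in URLs, decoding repeated percent-encoding first. The log lines, the /view endpoint, the doc parameter and the list of sensitive path prefixes are constructed assumptions, not details of the actual exploit.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." only counts when it is a whole path segment, so "a..b.js" is not flagged.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
SENSITIVE_PREFIXES = ("/etc/", "/proc/", "/root/", "/var/", "/usr/")  # assumed list

# Constructed sample log (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2024:10:00:01 +0000] "GET /list?page=2 HTTP/1.1" 200 512
198.51.100.7 - - [01/Aug/2024:10:00:05 +0000] "GET /view?doc=..%2f..%2fconfig.yml HTTP/1.1" 200 901
198.51.100.7 - - [01/Aug/2024:10:00:06 +0000] "GET /view?doc=%252e%252e%252fsecrets HTTP/1.1" 404 0
198.51.100.7 - - [01/Aug/2024:10:00:09 +0000] "GET /view?doc=/etc/hostname HTTP/1.1" 200 64
192.0.2.10 - - [01/Aug/2024:10:00:12 +0000] "GET /static/app.v1.2..min.js HTTP/1.1" 200 2048
"""

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reason(target):
    """Return why a request target looks like path traversal, or None."""
    parts = urlsplit(target)
    if TRAVERSAL_RE.search(fully_decode(parts.path)):
        return "traversal sequence in path"
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)
        if TRAVERSAL_RE.search(value):
            return f"traversal sequence in parameter {name!r}"
        if value.startswith(SENSITIVE_PREFIXES):
            return f"absolute filesystem path in parameter {name!r}"
    return None

def scan(log_text):
    """Return (line number, client address, reason) for each suspicious request."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        reason = suspicious_reason(match.group(1)) if match else None
        if reason:
            findings.append((number, line.split()[0], reason))
    return findings
```

A 200 response on a flagged request (lines 2 and 4 of the sample) deserves priority in triage, since the file may have been returned.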

Microsoft SharePoint Server 2019 – RCE

A recent security update resolves multiple remote code execution and information disclosure vulnerabilities in Microsoft SharePoint Server. These vulnerabilities could seriously impact the security of your data and infrastructure.

CVE-2024-38094: Remote Code Execution Vulnerability in Microsoft SharePoint.

An authenticated attacker with site owner privileges could execute arbitrary code in the context of the SharePoint server.

CVE-2024-38023: Information Disclosure Vulnerability in Microsoft SharePoint Server.

An attacker with site owner or higher privileges could upload a specially crafted file and send API requests to execute code on the SharePoint server.

CVE-2024-38024: Information Disclosure Vulnerability in Microsoft SharePoint Server.

An authenticated attacker with site owner privileges could execute arbitrary code on the SharePoint server.

Constant updating and monitoring are the key to reliable protection. Using Webmonitorex products will help you create sustainable protection against potential attacks, promptly respond to threats and maintain a high level of security for your infrastructure.
