Weak SVG asset filtering mechanism in Squidex
| CENSUS ID: | CENSUS-2023-0004 |
| CVE ID: | CVE-2023-46857 |
| Affected Products: | Squidex versions prior to 7.9.0 |
| Class: | Improper Neutralization of Input During Web Page Generation (CWE-79) |
| References: | GitHub Security Advisory |
| Discovered by: | Charalampos Maraziaris |
CENSUS has discovered a stored cross site scripting (XSS) vulnerability in the Squidex "headless" open source CMS framework. The vulnerability affects all versions of Squidex prior to 7.9.0 and enables privilege escalation affecting authenticated victim users. The Squidex development team has addressed the issue in version 7.9.0 of the software.
Race condition in key creation and key rotation exposes private keys of Tang server
| CENSUS ID: | CENSUS-2023-0002 |
| CVE ID: | CVE-2023-1672 |
| Affected Products: | Tang versions prior to 14 |
| Class: | Insecure Inherited Permissions (CWE-277) |
| Discovered by: | Brian McDermott |
The Tang open source software is used to bind data to network presence. It is commonly used along with Clevis clients to provide for unattended LUKS decryption of server storage volumes within the realms of a network, where a trusted Tang server is situated. CENSUS identified that the Tang software in versions 11, 12 and 13 (and possibly previous versions) is vulnerable to a form of race condition, where the Tang private keys become exposed for a small time window to other users on the same host. The issue is tracked as CVE-2023-1672. Users are recommended to upgrade to Tang version 14 where the issue has been sufficiently addressed.
Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint
| CENSUS ID: | CENSUS-2023-0001 |
| CVE ID: | CVE-2023-24278 |
| Affected Products: | Squidex versions prior to 7.4.0 |
| Class: | Improper Neutralization of Input During Web Page Generation (CWE-79) |
| Discovered by: | Ioannis Christodoulakos |
CENSUS has discovered two reflected cross site scripting (XSS) vulnerabilities in the Squidex open source headless CMS software. The Reflected Cross Site Scripting vulnerabilities affect all versions of Squidex prior to 7.4.0 and affect both authenticated and unauthenticated victim users. The Squidex development team has addressed the issues in version 7.4.0 of the software.
Multiple vulnerabilities in Snipe-IT
| CENSUS ID: | CENSUS-2022-0002 |
| CVE IDs: | CVE-2022-44380, CVE-2022-44381 |
| Affected Products: | Snipe-IT versions prior to 6.0.14 |
| Class of CVE-2022-44380: | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
| Class of CVE-2022-44381: | Improper Access Control (CWE-284) |
| Discovered by: | Charalampos Maraziaris |
CENSUS identified Cross-Site Scripting (XSS) and username fingerprinting bugs in Snipe-IT. Snipe-IT is a free open source IT asset/license management system. CENSUS has verified that release 6.0.14 of Snipe-IT carries appropriate fixes only for the identified Cross Site Scripting vulnerabilities.