Linode Security Digest December 4 – 11, 2022

In this week's digest, we'll talk about:

  • a Grafana security release;
  • an integer overflow in VLC; and
  • a Snapd race condition vulnerability.

Grafana Security Release

Privilege escalation: Unauthorized access to arbitrary endpoints

CVE-2022-39328 is a race condition in the Grafana codebase that allows an unauthenticated user to query an arbitrary endpoint in Grafana. A race condition in the HTTP context creation could result in an HTTP request being assigned the authentication/authorization middlewares of another call. Under heavy load, it is possible that a call protected by a privileged middleware receives the middleware of a public query instead. As a result, an unauthenticated user can successfully query protected endpoints with malicious intent.

All installations for Grafana versions >=9.2.x are impacted. To fully address CVE-2022-39328, Grafana recommends upgrading your instances.

Privilege escalation: Usernames/email addresses can't be trusted

Grafana administrators can invite other members to the organization they are an administrator for. When admins add members to the organization, non-existing users get an email invite, while existing users are added directly to the organization. When an invitation link is sent, it allows anyone with access to the link to sign up with whatever username/email address they choose and become a member of the organization. The CVSS score for CVE-2022-39306 is 6.4 Moderate.

All installations for Grafana versions <=9.x, >=8.x are impacted. To fully address CVE-2022-39306, Grafana recommends upgrading your instances.

Username enumeration

When using the forgot-password function on the login page, a POST request is made to the /api/user/password/send-reset-email URL. When the username or email does not exist, the JSON response contains a "user not found" message, which unauthenticated users can leverage to confirm which accounts exist on the instance.

The CVSS score for CVE-2022-39307 is 5.3 Moderate. All installations for Grafana versions <=9.x, >=8.x are impacted. To fully address this vulnerability, Grafana recommends upgrading your instances.
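The enumeration channel above is the difference between two responses to the same endpoint. The following is an added example, not Grafana's code: both handlers are constructed stand-ins for the POST /api/user/password/send-reset-email endpoint, KNOWN_USERS is a constructed user table, and leaks_existence is the probe an unauthenticated tester would run against a pair of candidates. The hardened handler returns the same status and body whether or not the account exists, which is the shape of fix this class of bug needs.

```python
"""Constructed illustration of the username-enumeration oracle.

Not Grafana's code: the handlers stand in for the
POST /api/user/password/send-reset-email endpoint."""
import json
import urllib.error
import urllib.request

KNOWN_USERS = {"alice", "alice@example.com"}  # constructed user table


def vulnerable_send_reset_email(body: str):
    """Leaks account existence: a distinct message when no user matches."""
    user_or_email = json.loads(body).get("userOrEmail", "")
    if user_or_email not in KNOWN_USERS:
        return 200, {"message": "user not found"}
    # a reset mail would be queued here (constructed)
    return 200, {"message": "Email sent"}


def hardened_send_reset_email(body: str):
    """Identical status and body whether or not the account exists; the
    lookup result only decides whether a mail is actually queued."""
    user_or_email = json.loads(body).get("userOrEmail", "")
    if user_or_email in KNOWN_USERS:
        pass  # queue the reset mail (constructed); nothing visible changes
    return 200, {"message": "Email sent"}


def leaks_existence(handler, known: str, unknown: str) -> bool:
    """Oracle an unauthenticated tester runs: one name that exists, one that
    does not; any difference in status or body is an enumeration channel."""
    known_resp = handler(json.dumps({"userOrEmail": known}))
    unknown_resp = handler(json.dumps({"userOrEmail": unknown}))
    return known_resp != unknown_resp


def probe_live(base_url: str, candidate: str, timeout: float = 5.0):
    """Same probe against a real instance (not run here). Returns
    (status, body) so two candidates can be compared the same way."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/user/password/send-reset-email",
        data=json.dumps({"userOrEmail": candidate}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:  # a non-2xx reply still carries a body
        return e.code, e.read().decode()


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_send_reset_email),
                          ("hardened", hardened_send_reset_email)):
        print(name, "leaks existence:", leaks_existence(handler, "alice", "nobody"))
```

When running probe_live against an instance you are authorized to test, compare status, body and response time for a known and an unknown account; a uniform body does not help if the lookup path is measurably slower, and the endpoint should be rate limited regardless.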

Integer Overflow in VLC

VLC media player (previously the VideoLAN Client and commonly known simply as VLC) is a free and open source, portable, cross-platform media player and streaming media server developed by the VideoLAN project. CVE-2022-41325 resides in the VNC module. VLC can display a VNC video stream by using its URI: vlc vnc://ip_address_of_server:port/

If an attacker has control over a VNC server, they can trick VLC into allocating a memory buffer shorter than expected. The attacker then has a powerful relative "write-what-where" primitive: they can crash VLC or, under certain circumstances, execute arbitrary code. Although VNC support is provided through a third-party library (LibVNCClient), the affected code is in VLC itself.

Version 3.0.17.4 and earlier are affected. The VLC team has fixed the vulnerability in a commit to the VNC module.
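The paragraph above describes the bug class without showing it, so here is an added example of how a server-chosen geometry turns into a short buffer and how a client should refuse it. This is constructed code, not VLC's: the 32-bit product is emulated with a mask, the 32768x32768x4 geometry is chosen because it wraps exactly to zero, and the Framebuffer class is a generic VNC-style client buffer, not the VLC module's data structure. The page does not say which VLC fields or types overflow, so none are claimed here.

```python
"""Constructed illustration of the short-allocation bug class behind
CVE-2022-41325; this is not VLC's code. The geometry (16-bit width and
height, bytes per pixel) is what a VNC server sends to the client."""

U32_MAX = 0xFFFFFFFF


def framebuffer_bytes_wrapping(width: int, height: int, bpp: int) -> int:
    """Emulates a C uint32 product: the result silently wraps modulo 2**32,
    so a hostile geometry yields an allocation far smaller than the pixel
    data the server will later send."""
    return (width * height * bpp) & U32_MAX


def framebuffer_bytes_checked(width: int, height: int, bpp: int,
                              max_bytes: int = U32_MAX):
    """Exact byte count, or None if the geometry is invalid or the product
    would not fit the allocation type. Python ints do not wrap, so the
    comparison is made on the true value."""
    if not (0 < width <= 0xFFFF and 0 < height <= 0xFFFF and bpp in (1, 2, 4)):
        return None
    n = width * height * bpp
    return n if n <= max_bytes else None


def rect_fits(fb_w: int, fb_h: int, x: int, y: int, w: int, h: int) -> bool:
    """Every update rectangle from the server must lie inside the allocated
    framebuffer; without this check x, y, w and h are the attacker's
    relative write-what-where primitive."""
    return x >= 0 and y >= 0 and w > 0 and h > 0 and x + w <= fb_w and y + h <= fb_h


class Framebuffer:
    """Client-side framebuffer that validates size at allocation and every
    rectangle before copying pixels into it (constructed, generic)."""

    def __init__(self, width: int, height: int, bpp: int):
        n = framebuffer_bytes_checked(width, height, bpp)
        if n is None:
            raise ValueError("rejecting framebuffer geometry %dx%dx%d" % (width, height, bpp))
        self.width, self.height, self.bpp = width, height, bpp
        self.buf = bytearray(n)

    def apply_rect(self, x: int, y: int, w: int, h: int, pixels: bytes) -> None:
        if not rect_fits(self.width, self.height, x, y, w, h):
            raise ValueError("rectangle outside framebuffer")
        row = w * self.bpp
        if len(pixels) != row * h:
            raise ValueError("pixel payload length mismatch")
        for r in range(h):
            off = ((y + r) * self.width + x) * self.bpp
            self.buf[off:off + row] = pixels[r * row:(r + 1) * row]


if __name__ == "__main__":
    # A 32768x32768 32-bit framebuffer is exactly 2**32 bytes: uint32 math says 0.
    print("wrapping:", framebuffer_bytes_wrapping(32768, 32768, 4))
    print("checked:", framebuffer_bytes_checked(32768, 32768, 4))
    fb = Framebuffer(4, 2, 1)
    fb.apply_rect(1, 0, 2, 2, b"\x11\x22\x33\x44")
    print(bytes(fb.buf).hex())
```

The two checks are independent: the size check stops the short allocation, and the per-rectangle check stops a correctly sized buffer from being written past its end by a later update whose coordinates the server also controls. In C the equivalent is to compute the product in a wider type (or with __builtin_mul_overflow) and to compare x + w and y + h against the stored geometry before every memcpy.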

Snapd Race Condition Vulnerability

The snap-confine program is used internally by snapd to construct the execution environment for snap applications, which are containerized software packages. CVE-2022-3328 describes a race condition in the must_mkdir_and_open_with_perms() function in snap-confine, which is installed as a SUID-root program by default on Ubuntu. The race was introduced as part of the fix for CVE-2021-44731.

An attacker with normal user privileges can chain it with two multipathd bugs, the Multipath Privilege Escalation Vulnerability (CVE-2022-41974) and the Multipath Symbolic Link Vulnerability (CVE-2022-41973), to bind-mount the /tmp directory onto any directory in the file system and escalate from an ordinary user to root.

Affected snapd versions are 2.54.3 – 2.57.6. A fixed release has been published, and affected users are advised to upgrade to a newer version.
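As a first-pass host check for the preconditions named above, here is an added example, not snapd's code. It reads `snap version` output, compares the snapd version against the range this digest gives (2.54.3 – 2.57.6, treated as inclusive because that is how the digest states it), and confirms that snap-confine really is SUID root. Assumptions: the snap-confine path is the Ubuntu default /usr/lib/snapd/snap-confine, and SAMPLE_SNAP_VERSION is constructed output for offline use. A version string cannot see distribution backports (Ubuntu ships the fix under a 2.57.5+... package version), so a hit here means "check the vendor advisory", not "vulnerable".

```python
"""Constructed first-pass host check for CVE-2022-3328 preconditions.
Not snapd's code; range and path are assumptions stated in the lead-in."""
import os
import re
import stat
import subprocess

AFFECTED_LOW = (2, 54, 3)
AFFECTED_HIGH = (2, 57, 6)
SNAP_CONFINE = "/usr/lib/snapd/snap-confine"  # Ubuntu path (assumption)

# Constructed sample of `snap version` output for offline use.
SAMPLE_SNAP_VERSION = """\
snap    2.57.5+22.04ubuntu0.1
snapd   2.57.5+22.04ubuntu0.1
series  16
ubuntu  22.04
kernel  5.15.0-56-generic
"""


def parse_version(v: str):
    """'2.57.5+22.04ubuntu0.1' -> (2, 57, 5); distro suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", v.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % v)
    return tuple(int(g or 0) for g in m.groups())


def in_affected_range(v: str) -> bool:
    """True if the upstream version falls inside the digest's stated range."""
    return AFFECTED_LOW <= parse_version(v) <= AFFECTED_HIGH


def snapd_version_from_output(text: str):
    """Pull the snapd line out of `snap version` output, or None."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "snapd":
            return parts[1]
    return None


def is_suid_root(path: str) -> bool:
    """True if the file exists, is owned by uid 0 and has the setuid bit."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    return st.st_uid == 0 and bool(st.st_mode & stat.S_ISUID)


def check_host(snap_version_output=None):
    """Evaluate a host. Pass `snap version` text, or None to run it live."""
    if snap_version_output is None:
        snap_version_output = subprocess.run(
            ["snap", "version"], capture_output=True, text=True, check=True).stdout
    version = snapd_version_from_output(snap_version_output)
    return {
        "snapd_version": version,
        "version_in_affected_range": bool(version) and in_affected_range(version),
        "snap_confine_suid_root": is_suid_root(SNAP_CONFINE),
    }


if __name__ == "__main__":
    try:
        result = check_host()
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("snap not available here; evaluating constructed sample output")
        result = check_host(SAMPLE_SNAP_VERSION)
    for key, value in result.items():
        print("%-28s %s" % (key, value))
```

If the result flags the version, confirm against the distribution's changelog (for example `apt changelog snapd` on Ubuntu) before concluding the host is exposed, since the exploit chain also depends on the multipathd bugs being unpatched.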
