Updated advisory posts against rubysec/ruby-advisory-db@58766d8

rubysec · Jul 11, 2024 · 47879ab · 47879ab
1 parent 83c299e
commit 47879ab
Show file tree

Hide file tree

Showing 3 changed files with 139 additions and 0 deletions.
diff --git a/advisories/_posts/2024-07-10-CVE-2024-27090.md b/advisories/_posts/2024-07-10-CVE-2024-27090.md
@@ -0,0 +1,42 @@
+---
+layout: advisory
+title: 'CVE-2024-27090 (decidim): Decidim vulnerable to data disclosure through the
+  embed feature'
+comments: false
+categories:
+- decidim
+advisory:
+  gem: decidim
+  cve: 2024-27090
+  ghsa: qcj6-vxwx-4rqv
+  url: https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv
+  title: Decidim vulnerable to data disclosure through the embed feature
+  date: 2024-07-10
+  description: |
+    ### Impact
+    If an attacker can infer the slug or URL of an unpublished or private
+    resource, and this resource can be embedded (such as a Participatory
+    Process, an Assembly, a Proposal, a Result, etc), then some data of
+    this resource could be accessed.
+
+    ### Patches
+
+    Version 0.27.6
+
+    https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705
+
+    ### Workarounds
+
+    Disallow access through your web server to the URLs finished with `/embed.html`
+  cvss_v3: 5.3
+  patched_versions:
+  - ">= 0.27.6"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-27090
+    - https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv
+    - https://github.com/decidim/decidim/pull/12528
+    - https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705
+    - https://github.com/decidim/decidim/releases/tag/v0.27.6
+    - https://github.com/advisories/GHSA-qcj6-vxwx-4rqv
+---
diff --git a/advisories/_posts/2024-07-10-CVE-2024-27095.md b/advisories/_posts/2024-07-10-CVE-2024-27095.md
@@ -0,0 +1,50 @@
+---
+layout: advisory
+title: 'CVE-2024-27095 (decidim-admin): Decidim cross-site scripting (XSS) in the
+  admin panel'
+comments: false
+categories:
+- decidim-admin
+advisory:
+  gem: decidim-admin
+  cve: 2024-27095
+  ghsa: 529p-jj47-w3m3
+  url: https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3
+  title: Decidim cross-site scripting (XSS) in the admin panel
+  date: 2024-07-10
+  description: |
+    ### Impact
+
+    The admin panel is subject to potential XSS attach in case the attacker
+    manages to modify some records being uploaded to the server.
+
+    The attacker is able to change  e.g. to `<svg onload=alert('XSS')>`
+    if they know how to craft these requests themselves. And then enter
+    the returned blob ID to the form inputs manually by modifying the
+    edit page source.
+
+    ### Patches
+
+    Available in versions 0.27.6 and 0.28.1.
+
+    ### Workarounds
+
+    Review the user accounts that have access to the admin panel (i.e.
+    general Administrators, and participatory space's Administrators)
+    and remove access to them if they don't need it.
+
+    ### References
+
+    OWASP ASVS v4.0.3-5.1.3
+  cvss_v3: 5.4
+  patched_versions:
+  - "~> 0.27.6"
+  - ">= 0.28.1"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-27095
+    - https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3
+    - https://github.com/decidim/decidim/releases/tag/v0.27.6
+    - https://github.com/decidim/decidim/releases/tag/v0.28.1
+    - https://github.com/advisories/GHSA-529p-jj47-w3m3
+---
diff --git a/advisories/_posts/2024-07-10-CVE-2024-32469.md b/advisories/_posts/2024-07-10-CVE-2024-32469.md
@@ -0,0 +1,47 @@
+---
+layout: advisory
+title: 'CVE-2024-32469 (decidim): Decidim cross-site scripting (XSS) in the pagination'
+comments: false
+categories:
+- decidim
+advisory:
+  gem: decidim
+  cve: 2024-32469
+  ghsa: 7cx8-44pc-xv3q
+  url: https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q
+  title: Decidim cross-site scripting (XSS) in the pagination
+  date: 2024-07-10
+  description: |
+    ### Impact
+
+    The pagination feature used in searches and filters is subject to
+    potential XSS attack through a malformed URL using the GET parameter
+    `per_page`.
+
+    ### Patches
+
+    Patched in version 0.27.6 and 0.28.1
+
+    ### References
+
+    OWASP ASVS v4.0.3-5.1.3
+
+    ### Credits
+
+    This issue was discovered in a security audit organized by the
+    [mitgestalten Partizipationsbüro](https://partizipationsbuero.at/)
+    and funded by [netidee](https://www.netidee.at/) against Decidim
+    done during April 2024. The security audit was implemented by
+    [AIT Austrian Institute of Technology GmbH](https://www.ait.ac.at/),
+  cvss_v3: 7.1
+  patched_versions:
+  - "~> 0.27.6"
+  - ">= 0.28.1"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-32469
+    - https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q
+    - https://github.com/decidim/decidim/releases/tag/v0.27.6
+    - https://github.com/decidim/decidim/releases/tag/v0.28.1
+    - https://github.com/advisories/GHSA-7cx8-44pc-xv3q
+---