Linode Security Digest July 24-July 30, 2023


In this week’s digest, we will discuss the following:

  • Atlassian Confluence Data Center & Server Remote Code Execution
  • Adobe ColdFusion Remote Code Execution
  • OpenSSH Forwarded ssh-agent Remote Code Execution
  • AMD “Zenbleed”

CVE-2023-22505 & CVE-2023-22508: Atlassian Confluence Data Center & Server Remote Code Execution

Background

Confluence, developed by the Australian software company Atlassian, is a web-based corporate wiki designed for collaboration and knowledge sharing within enterprises. Originally released in 2004 and built using Java, Confluence has evolved into a versatile platform that facilitates seamless teamwork and documentation processes. With its built-in Tomcat web server and HSQL database, Confluence Standalone offers a self-contained solution while also accommodating various other databases. Atlassian offers Confluence as enterprise software, allowing organizations to choose between on-premises deployment or Software-as-a-Service.

Vulnerability

Two high-severity Remote Code Execution (RCE) vulnerabilities have been identified in Confluence Data Center & Server.

The first vulnerability, known as CVE-2023-22505, was introduced in version 8.0.0. It holds a CVSS score of 8, according to Confluence’s assessment, and enables an authenticated attacker to execute arbitrary code. This vulnerability poses a high risk to confidentiality, integrity, and availability, making it a critical concern. Additionally, the attacker can exploit this flaw without requiring any user interaction.

The second vulnerability, labeled CVE-2023-22508, was introduced in version 6.1.0. With a CVSS score of 8.5 according to Confluence’s assessment, it shares similar characteristics with the previous one. An authenticated attacker can execute arbitrary code without user interaction, with a high impact on confidentiality, integrity, and availability.

Mitigation

CVE-2023-22505:

  • Upgrade your instance to the latest version of Confluence Data Center & Server.
  • If you cannot upgrade to the latest version, upgrade to one of the fixed versions, specifically 8.3.2 or 8.4.0.

CVE-2023-22508:

  • Upgrade your instance to a Confluence feature release equal to or greater than 8.2.0 (e.g., 8.2, 8.2, 8.4, etc.).
  • Alternatively, upgrade to a Confluence 7.19 LTS bugfix release equal to or greater than 7.19.8 (e.g., 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc.) or a Confluence 7.13 LTS bugfix release equal to or greater than 7.13.20 (release available early August).
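
The version rules above, written as a triage function for an inventory of Confluence versions. This is an added example, not Atlassian's or Linode's code; it assumes that releases after a listed fixed version keep the fix, and the sample inventory is constructed.

```python
import re

def parse_version(text):
    """Parse '7.19.8' or '8.4' into a 3-tuple of ints, padding with zeros."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def affected_by_22505(v):
    # Digest: introduced in 8.0.0, fixed in 8.3.2 and 8.4.0.
    # Assumption: every release after 8.3.2 keeps the fix.
    return (8, 0, 0) <= v < (8, 3, 2)

def affected_by_22508(v):
    # Digest: introduced in 6.1.0; fixed in feature releases >= 8.2.0,
    # in 7.19 LTS >= 7.19.8 and in 7.13 LTS >= 7.13.20.
    if v < (6, 1, 0) or v >= (8, 2, 0):
        return False
    if v[:2] == (7, 19):
        return v < (7, 19, 8)
    if v[:2] == (7, 13):
        return v < (7, 13, 20)
    return True  # any other line between 6.1.0 and 8.2.0 has no listed fix

def triage(version_text):
    """Return the CVE ids from the digest that apply to this version."""
    v = parse_version(version_text)
    hits = []
    if affected_by_22505(v):
        hits.append("CVE-2023-22505")
    if affected_by_22508(v):
        hits.append("CVE-2023-22508")
    return hits

if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are made up.
    inventory = {"wiki-prod": "8.1.4", "wiki-lts": "7.19.7", "wiki-new": "8.4.0"}
    for host, version in inventory.items():
        hits = triage(version)
        print(f"{host} {version}: {', '.join(hits) or 'not affected per digest'}")
```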

CVE-2023-38205: Adobe ColdFusion Access Control Bypass

Background

Adobe ColdFusion is a versatile Java-based web application development platform. It enables developers to create dynamic and data-driven web applications by seamlessly integrating server-side logic and database interactions into web pages using ColdFusion Markup Language (CFML) mixed with HTML.

Vulnerability

This vulnerability, tracked as CVE-2023-38205, is a bypass of the patch for a previously patched vulnerability, CVE-2023-29298, addressed in Adobe’s Security Bulletin. The initial patch for CVE-2023-29298, released on July 11, 2023, did not successfully fix the issue and could be bypassed by an attacker. According to Rapid7, the fix correctly handled a valid URL but could still be bypassed by supplying an invalid URL, which would still allow access to the expected endpoint without a valid URL path.

The following versions of ColdFusion are vulnerable:

  • Adobe ColdFusion 2023 Update 2 and earlier versions
  • Adobe ColdFusion 2021 Update 8 and earlier versions
  • Adobe ColdFusion 2018 Update 18 and earlier versions

Mitigation

Adobe released a patch mitigating this vulnerability on July 19, 2023, in this advisory. The patches are as follows:

  • Update 3 for ColdFusion 2023
  • Update 9 for ColdFusion 2021
  • Update 19 for ColdFusion 2018

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

Background

OpenSSH’s forwarded ssh-agent is a functionality that allows users to securely forward their ssh-agent from one machine to another during SSH connections. The ssh-agent manages private keys for SSH public key authentication. Through agent forwarding, the user’s local ssh-agent can be used to authenticate connections to remote machines, eliminating the need to store private keys on those systems.

Vulnerability

According to the advisory published by researchers at Qualys, anyone who logs into a host controlled by the attacker using ssh-agent forwarding can potentially open themselves up to remote code execution by the attacker on the machine (base host) from which they logged into the attacker-controlled host.

The vulnerability stems from the OpenSSH agent’s handling of the forwarded shared libraries on the remote host. When a base host’s ssh-agent is compiled with the ENABLE_PKCS11 flag, which is the default, the remote host can load (dlopen()) and immediately unload (dlclose()) any shared library in /usr/lib/* of the base host. This behavior, however, does not play well with many shared libraries, which may have unintended side effects. By chaining together such side effects, researchers could gain remote code execution on the base host. However, the researchers’ scope was limited to Ubuntu Desktop 22.04 and 21.10.

Mitigation

  • Use an updated version of OpenSSH: 9.3p2
  • Exploitation of the vulnerability can be prevented by not using the ssh-agent forwarding option to connect to hosts that are not trusted by the user.
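
To apply the second mitigation, it helps to know where agent forwarding is already switched on. The following added example (not from the original digest or from OpenSSH) audits the text of a client configuration file for ForwardAgent settings and flags the ones that apply to wildcard or global scopes; the sample configuration and hostnames are constructed.

```python
import re

# Constructed sample of a client config (~/.ssh/config); hostnames are made up.
SAMPLE_CONFIG = """\
# constructed sample ~/.ssh/config
Host bastion.example.internal
    ForwardAgent yes
Host build.example.internal
    ForwardAgent no
Host *.lab.example.internal
    ForwardAgent=yes
Host *
    forwardagent "$SSH_AUTH_SOCK"
"""

def audit_forward_agent(config_text):
    """List every ForwardAgent setting that is not 'no'.

    Returns (line_no, scope, value, broad) tuples; broad is True when the
    enclosing block is global, 'Match all', or a Host line with a wildcard.
    """
    findings = []
    scope, broad = "(global)", True
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"; keywords
        # are case-insensitive.
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, rest = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            patterns = rest.split()
            scope = "Host " + " ".join(patterns)
            broad = any("*" in p or "?" in p
                        for p in patterns if not p.startswith("!"))
        elif key == "match":
            scope = "Match " + rest
            broad = rest.lower() == "all"
        elif key == "forwardagent":
            value = rest.strip('"')
            # Anything other than "no" enables forwarding: "yes", a socket
            # path, or an environment variable name such as $SSH_AUTH_SOCK.
            if value.lower() != "no":
                findings.append((line_no, scope, value, broad))
    return findings
```

The audit covers only the static text it is given: it does not follow Include directives and cannot see forwarding requested on the command line with `ssh -A`.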

CVE-2023-20593: Cross-Process Information Leak aka “Zenbleed”

On July 24, 2023, AMD disclosed a security vulnerability (CVE-2023-20593) that affected a subset of Akamai cloud computing hosts running EPYC “Rome” CPUs. Please find more information in our recent blog post.
