Skip to main content
View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Explore Blog
Categories
14
  1. Cloud Consulting Services
    4
  2. Cloud Overviews
    50
  3. Compute
    15
  4. Containers (Kubernetes, Docker)
    33
  5. Databases
    19
  6. Developer Tools
    37
  7. Linode
    254
  8. Linux
    69
  9. Multicloud
    4
  10. Networking
    32
  11. Open Source
    5
  12. Partner Network
    7
  13. Security
    60
  14. Storage
    22
Authors 52
  1. Austin Gil 1
  2. Abe Massry 2
  3. Al Newkirk 1
  4. Alexander Newnham 2
  5. Andrew Sauber 1
  6. Andrew Stebbins 2
  7. Andy Stevens 5
  8. Bradley LaBoon 1
  9. Blair Lyon 11
  10. Billy Thompson 10
  11. Christopher Aker 176
  12. Cassie Bubnis 1
  13. Daniele Polencic 4
  14. David Monschein 2
  15. David Rodriguez 1
  16. Dan Spataro 2
  17. Elvis Segura 1
  18. Gardiner Bryant 1
  19. Holden Morris 4
  20. Hillary Wilmoth 67
  21. Jim Ackley 5
  22. Jessica Capuano Mora 1
  23. Justin Cobbett 15
  24. Jon Frederickson 1
  25. Jonathan Hill 2
  26. Justin Mitchel 4
  27. James Steel 5
  28. Jamie Sherkness 8
  29. Linode 52
  30. Linode Events 8
  31. The Linode Security Team 122
  32. The Linode Network & Security Teams 1
  33. LINQ 1
  34. Leslie Salazar 1
  35. Michelle Berg 1
  36. Mitch Donaberger 1
  37. Mike Fischler 1
  38. Mike Maney 10
  39. Maddie Presland 18
  40. Mike Quatrani 4
  41. Nathan Melehan 2
  42. Nigel Poulton 1
  43. Prasoon Pushkar 1
  44. Rick Myers 7
  45. Richard Tubb 1
  46. Sal Carrasco 1
  47. Salman Iqbal 1
  48. Shawn Michels 1
  49. Linode Support 13
  50. Tom Asaro 18
  51. Travis Baka 1
  52. Talia Nassi 8
BlogSecurityLinode Security Digest May 8-May 15, 2023

Linode Security Digest May 8-May 15, 2023

Linode
The Linode Security Team
May 12, 2023
Linode Security Digest

In this week’s digest, we will discuss the following:

  • An XSS vulnerability in a Highly Popular WordPress Plugin, Advanced Custom Fields;
  • cPanel XSS Vulnerability; and
  • a Potential Information Exposure Vulnerability in Flask
CVE-2023-30777: Advanced Custom Fields (ACF) and ACF Pro WordPress Plugin: Unauthenticated XSS 

Background

Advanced Custom Fields (ACF) and ACF Pro, the free and pro versions of the ACF plugins, respectively, is a highly popular WordPress plugin with over two million active installations. This plugin makes it easy to add and manage content fields in the WordPress edit screen. You can read here to find out how you can spin up your own WordPress website on a Linode Compute Instance.

Vulnerability

The vulnerability tracked as CVE-2023-30777 exists in ACF and ACF Pro plugin versions 6.1.5 and below. It is a reflected XSS vulnerability that allows an attacker to inject malicious scripts on vulnerable websites by tricking a user into visiting a crafted URL. If the victim is a privileged user, the attacker can potentially steal sensitive information such as cookies or session tokens and escalate their privileges.

The vulnerability lies in a function handler admin_body_class that does not properly sanitize user input that is passed to a variable. This allows an attacker to directly concatenate harmful code, such as a DOM XSS payload, to the variable, which contains the body class string.

Mitigation

  • This vulnerability has been fixed in version 6.1.6 of the plugin. It is strongly recommended to update the plugin to the latest version.
CVE-2023-29489: cPanel: XSS on the cpsrvd Error Page via Invalid Web Call

Background

cPanel is a widely used web hosting control panel used by website owners, administrators, and hosting providers to manage and control various aspects of their websites and hosting accounts. It provides a Linux-based GUI that allows users to easily manage their website files, create email accounts, set up databases, install applications, manage domains and subdomains, and perform various other administrative tasks.

Vulnerability

The vulnerability tracked as CVE-2023-29489, is a reflected XSS present in cPanel versions before 11.109.9999.116. The vulnerability arises when an invalid web call is called with its ID containing XSS content. The vulnerability is present in the cpsrvd binary, which provides the core functionalities for cPanel. It performs improper validation of user-supplied content by the cpsrvd error page. An XSS attack is triggered when the error page contains the XSS content. This vulnerability does not require any authentication and even affects management ports that are not exposed externally.

Mitigation

  • The vulnerability has been fixed in versions 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. Upgrading to these versions is recommended to fix this issue.

Background

Flask is a lightweight web application framework written in Python. It provides a simple and flexible way to build web applications by leveraging the Python programming language. It focuses on simplicity and extensibility by not imposing any particular way of structuring an application. Flask also has a rich ecosystem of extensions allowing developers to choose the components they need for their project.

Vulnerability

The vulnerability is tracked as CVE-2023-30861. The affected versions of Flask packages are versions 2.3.0, 2.3.1, and 2.2.4 and below. It is a potential information exposure vulnerability where a response containing data intended for one client may be cached by a proxy and sent to another client. Depending on how the proxy handles cookies, it may also send session cookies to an unintended client. The vulnerability requires particular conditions to be met:

  1. The caching proxy sitting in front of the Flask web application does not strip cookies or ignore responses with cookies.
  2. The web application sets the session.permanent field to True.
  3. The web application does not access or modify the session at any point during a request.
  4. SESSION_REFRESH_EACH_REQUEST is enabled, which is the default setting.
  5. The web application does not set a Cache-Control header to specify the page should not be cached.
  6. If the proxy also caches Set-Cookie headers, it may also send a client’s session cookie to an unintended client.

This vulnerability is caused due to vulnerable versions of Flask not setting the Vary: Cookie header when the session is refreshed without being accessed or modified.

Mitigation

  • This vulnerability was patched in Flask package versions 2.2.5 and 2.3.2. Upgrading to these versions is recommended.

You might also like...

How to Protect Yourself from Ransomware Attacks featuring Steve Winterfeld, featured image.

How To Protect Yourself From Ransomware Attacks | Steve Winterfeld, Akamai

In this video, Steve Winterfeld, Advisory CISO at Akamai, shares advice on how companies can protect themselves from ransomware attacks.
Security
Wazuh is a Cybersecurity Powerhouse featuring Code with Harry.

Wazuh is a Cybersecurity Powerhouse | Expert Open Source Security Monitoring & Response

@CodeWithHarry covers Wazuh, an open-source security platform used for collecting and analyzing security data.
Security
Introduction to Server Security.
Talia Nassi

Introduction to Server Security

Oct 30, 2023
by Talia Nassi
Server security is vital to an effective cloud environment. Learn about it here.
Security

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *