This is an automated email from the ASF dual-hosted git repository. solomax pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/master by this push: new c25f0f890 [OPENMEETINGS-2739] security page is updated c25f0f890 is described below commit c25f0f89028d245cf563cc51b6578cee95bd58b9 Author: Maxim Solodovnik <solomax...@gmail.com> AuthorDate: Tue Mar 28 16:45:26 2023 +0700 [OPENMEETINGS-2739] security page is updated --- openmeetings-server/src/site/xdoc/security.xml | 53 ++++++++++++++++---------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/openmeetings-server/src/site/xdoc/security.xml b/openmeetings-server/src/site/xdoc/security.xml index 4bc4df73e..e210ccf91 100644 --- a/openmeetings-server/src/site/xdoc/security.xml +++ b/openmeetings-server/src/site/xdoc/security.xml @@ -45,10 +45,21 @@ Please NOTE: only security issues should be reported to this list. </p> </section> + <section name="CVE-2023-28326: Apache OpenMeetings: allows user impersonation"> + <p>Severity: Critical</p> + <p>Vendor: The Apache Software Foundation</p> + <p>Versions Affected: from 2.0.0 before 7.0.0</p> + <p>Description: Attacker can elevate their privileges in any room<br/> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28326">CVE-2023-28326</a> + </p> + <p>The issue was fixed in 7.0.0<br/> + All users are recommended to upgrade to Apache OpenMeetings 7.0.0</p> + <p>Credit: This issue was identified by Dennis Zimmt</p> + </section> <section name="CVE-2021-27576 - Apache OpenMeetings: bandwidth can be overloaded with public web service"> <p>Severity: Low</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: 4.0.0 - 5.1.0</p> + <p>Versions Affected: from 4.0.0 before 6.0.0</p> <p>Description: NetTest web service can be used to overload the bandwidth of the server<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27576">CVE-2021-27576</a> </p> 
@@ -59,7 +70,7 @@ <section name="CVE-2020-13951 - Apache Openmeetings: DoS via public web service"> <p>Severity: High</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: 4.0.0 - 5.0.0</p> + <p>Versions Affected: from 4.0.0 before 5.0.1</p> <p>Description: NetTest web service can be used to perform Denial of Service attack<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13951">CVE-2020-13951</a> </p> @@ -92,7 +103,7 @@ <section name="CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls"> <p>Severity: Medium</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 3.0.0 - 4.0.1</p> + <p>Versions Affected: from 3.0.0 before 4.0.2</p> <p>Description: CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1286">CVE-2018-1286</a> @@ -104,7 +115,7 @@ <section name="CVE-2017-7663 - Apache OpenMeetings - XSS in chat"> <p>Severity: High</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 3.2.0</p> + <p>Versions Affected: 3.2.0</p> <p>Description: Both global and Room chat are vulnerable to XSS attack<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7663">CVE-2017-7663</a> </p> @@ -115,7 +126,7 @@ <section name="CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation"> <p>Severity: High</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 3.1.0</p> + <p>Versions Affected: from 3.1.0 before 3.3.0</p> <p>Description: Uploaded XML documents were not correctly validated<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7664">CVE-2017-7664</a> </p> 
@@ -126,7 +137,7 @@ <section name="CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers"> <p>Severity: High</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.0.0</p> + <p>Versions Affected: from 1.0.0 before 3.3.0</p> <p>Description: Apache Openmeetings is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7666">CVE-2017-7666</a> @@ -138,7 +149,7 @@ <section name="CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords"> <p>Severity: High</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.0.0</p> + <p>Versions Affected: from 1.0.0 before 3.3.0</p> <p>Description: Apache OpenMeetings uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection<br/> @@ -151,7 +162,7 @@ <section name="CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy"> <p>Severity: Low</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.0.0</p> + <p>Versions Affected: from 1.0.0 before 3.3.0</p> <p>Description: Apache OpenMeetings has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.<br/> @@ -164,7 +175,7 @@ <section name="CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services"> <p>Severity: High</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.0.0</p> + <p>Versions Affected: from 1.0.0 before 3.3.0</p> <p>Description: Apache OpenMeetings is vulnerable to SQL injection This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the 
@@ -178,7 +189,7 @@ <section name="CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass"> <p>Severity: Medium</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 3.2.0</p> + <p>Versions Affected: 3.2.0</p> <p>Description: Apache OpenMeetings is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7682">CVE-2017-7682</a> @@ -190,7 +201,7 @@ <section name="CVE-2017-7683 - Apache OpenMeetings - Information Disclosure"> <p>Severity: Lowest</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.0.0</p> + <p>Versions Affected: from 1.0.0 before 3.3.0</p> <p>Description: Apache OpenMeetings displays Tomcat version and detailed error stack trace which is not secure.<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7683">CVE-2017-7683</a> @@ -202,7 +213,7 @@ <section name="CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload"> <p>Severity: Low</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.0.0</p> + <p>Versions Affected: from 1.0.0 before 3.3.0</p> <p>Description: Apache OpenMeetings doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server<br/> @@ -215,7 +226,7 @@ <section name="CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods"> <p>Severity: Lowest</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.0.0</p> + <p>Versions Affected: from 1.0.0 before 3.3.0</p> <p>Description: Apache OpenMeetingsrespond to the following insecure HTTP Methods: PUT, DELETE, HEAD, and PATCH.<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7685">CVE-2017-7685</a> 
@@ -227,7 +238,7 @@ <section name="CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update"> <p>Severity: Low</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.0.0</p> + <p>Versions Affected: from 1.0.0 before 3.3.0</p> <p>Description: Apache OpenMeetings updates user password in insecure manner.<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7688">CVE-2017-7688</a> </p> @@ -238,7 +249,7 @@ <section name="CVE-2017-5878 - RED5/AMF Unmarshalling RCE"> <p>Severity: Critical</p> <p>Vendor: Red5</p> - <p>Versions Affected: Apache OpenMeetings 3.1.3 and earlier</p> + <p>Versions Affected: before 3.1.4</p> <p>Description: The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.<br/> @@ -251,7 +262,7 @@ <section name="CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE"> <p>Severity: Moderate</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 3.1.0</p> + <p>Versions Affected: from 3.1.0 before 3.1.2</p> <p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8736">CVE-2016-8736</a> </p> @@ -262,7 +273,7 @@ <section name="CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel"> <p>Severity: Moderate</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 3.1.0</p> + <p>Versions Affected: from 3.1.0 before 3.1.2</p> <p>Description: The value of the URL's "swf" query parameter is interpolated into the JavaScript tag without being escaped, leading to the reflected XSS.<br/> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a> 
@@ -273,7 +284,7 @@ <section name="CVE-2016-0783 - Predictable password reset token"> <p>Severity: Critical</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0</p> + <p>Versions Affected: from 1.9.x before 3.1.1</p> <p>Description: The hash generated by the external password reset function is generated by concatenating the user name and the current system time, and then hashing it using MD5. This is highly predictable and can be cracked in seconds by an attacker with knowledge of the user name of an OpenMeetings @@ -286,7 +297,7 @@ <section name="CVE-2016-0784 - ZIP file path traversal"> <p>Severity: Moderate</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0</p> + <p>Versions Affected: from 1.9.x before 3.1.1</p> <p>Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu (http://domain:5080/openmeetings/#admin/backup) is vulnerable to path traversal via specially crafted file names within ZIP archives. By uploading an archive containing a file named @@ -302,7 +313,7 @@ <section name="CVE-2016-2163 - Stored Cross Site Scripting in Event description"> <p>Severity: Moderate</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7</p> + <p>Versions Affected: from 1.9.x before 3.1.1</p> <p>Description: When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enters the room via the event. It is possible to create a link like "javascript:alert('xss')", which will execute once the link is clicked. As 
@@ -316,7 +327,7 @@ <section name="CVE-2016-2164 - Arbitrary file read via SOAP API"> <p>Severity: Critical</p> <p>Vendor: The Apache Software Foundation</p> - <p>Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7</p> + <p>Versions Affected: from 1.9.x before 3.1.1</p> <p>Description: When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the system. This is due to that Java's URL class is used without checking what protocol handler is specified in the API call.<br/>
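Review bot: the new CVE-2023-28326 section in the first hunk (`@@ -45,10 +45,21 @@`) breaks the heading convention every other section follows: it reads `<section name="CVE-2023-28326: Apache OpenMeetings: allows user impersonation">` while the rest use a hyphen separator after the CVE id, so `CVE-2023-28326 - Apache OpenMeetings: allows user impersonation` would keep the generated page uniform. Its description ("Attacker can elevate their privileges in any room") is also far terser than the neighbouring entries; a sentence naming the affected component would help administrators triage. In the same hunk the CVE-2021-27576 range moves from "4.0.0 - 5.1.0" to "from 4.0.0 before 6.0.0", which now lists the 5.1.x releases after 5.1.0 as affected too; the commit message only says the page is updated, so please confirm that upper bound matches the advisory's fix version.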
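Review bot: in the `@@ -215,7 +226,7 @@` hunk (CVE-2017-7685) the unchanged context line reads "Apache OpenMeetingsrespond to the following insecure HTTP Methods", missing a space and with a singular subject; since this section is being edited anyway, fix it to "Apache OpenMeetings responds to the following insecure HTTP methods" in the same commit.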
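Review bot: in the `@@ -238,7 +249,7 @@` hunk (CVE-2017-5878) the new range "before 3.1.4" is the only entry left without a lower bound after this change; the old text was "Apache OpenMeetings 3.1.3 and earlier", so either give the first affected release in the "from X before 3.1.4" form the rest of the patch adopts, or keep the explicit "3.1.3 and earlier" wording. Because the Vendor line says Red5 and the description refers to Red5 Media Server before 1.0.8, stating which OpenMeetings release first ships the fixed Red5 would also make the entry self-contained.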
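Review bot: in the `@@ -273,7 +284,7 @@` hunk (CVE-2016-0783) and the three hunks after it, the lower bound is written as "from 1.9.x", mixing a wildcard into the new "from X before Y" notation that the rest of the patch fills with concrete versions (for example "from 3.1.0 before 3.1.2"); use the concrete first affected release for these four entries, or keep the "1.9.x - ..." form there so the notation is not half converted.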
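Review bot: in the `@@ -302,7 +313,7 @@` hunk (CVE-2016-2163) the range changes from "1.9.x - 3.0.7" to "from 1.9.x before 3.1.1", which adds 3.1.0 to the affected versions; unlike most hunks in this patch that is a content change rather than a notation change, so confirm against the original advisory that 3.1.0 was vulnerable, or keep the upper bound equivalent to the old one ("before 3.0.8").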
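Review bot: the `@@ -316,7 +327,7 @@` hunk (CVE-2016-2164) widens the range the same way: "1.9.x - 3.0.7" becomes "from 1.9.x before 3.1.1", so 3.1.0 is now listed as affected by the arbitrary file read; confirm that 3.1.0 was actually affected before publishing, otherwise keep the bound at "before 3.0.8".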