Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active (through the `allow-keyless` setting) and the public key requires additional client-side verification, for example using FIDO2 or GPG.

The Home Assistant Companion apps for iOS and macOS up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links or QR codes to victims that, when visited, will make the victim call arbitrary services in their Home Assistant installation. Combined with this security advisory, this may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161.