ID: 15689
Title: Dependency updates
Component: Core & setup
Level: 1
Class: Security fix
Version: 2.2.0p5
This Werk updates several dependencies, such as openssl and various Python dependencies.
To our knowledge, among the vulnerabilities fixed in those dependencies, only CVE-2023-32681 could be exploited.
This vulnerability could cause a <tt>Proxy-Authorization</tt> header leakage.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 6.1 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N</tt>.
ID: 15890
Title: user: read permissions are now checked in the request schema before delete/edit/create user
Component: REST API
Level: 1
Class: Security fix
Version: 2.3.0b1
Prior to this Werk an authenticated user was able to enumerate usernames with the RestAPI.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
<b>Indicators of Compromise</b>:
You can check <tt>var/log/apache/access_log</tt> for an unusual number of requests to the user_config RestAPI endpoints.
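As an added example (not part of this Werk), the following Python script scans access_log lines in Apache combined format for the user_config endpoints and reports, per client address, how many such requests were made and which usernames were addressed; the site name "mysite", the sample addresses and the flagging threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access_log lines (combined log format; site "mysite" is assumed).
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [01/Jun/2023:10:00:01 +0000] "PUT /mysite/check_mk/api/1.0/objects/user_config/alice HTTP/1.1" 404 98 "-" "python-requests/2.28.0"
10.0.0.5 - - [01/Jun/2023:10:00:01 +0000] "PUT /mysite/check_mk/api/1.0/objects/user_config/bob HTTP/1.1" 404 98 "-" "python-requests/2.28.0"
10.0.0.5 - - [01/Jun/2023:10:00:02 +0000] "DELETE /mysite/check_mk/api/1.0/objects/user_config/carol HTTP/1.1" 404 98 "-" "python-requests/2.28.0"
10.0.0.5 - - [01/Jun/2023:10:00:02 +0000] "POST /mysite/check_mk/api/1.0/domain-types/user_config/collections/all HTTP/1.1" 400 120 "-" "python-requests/2.28.0"
10.0.0.9 - - [01/Jun/2023:10:00:03 +0000] "GET /mysite/check_mk/api/1.0/objects/host_config/web01 HTTP/1.1" 200 512 "-" "curl/8.0.1"
10.0.0.9 - - [01/Jun/2023:10:00:04 +0000] "PUT /mysite/check_mk/api/1.0/objects/user_config/alice HTTP/1.1" 200 256 "-" "curl/8.0.1"
"""

# Client address, method, request path and status code of a combined-format line.
LOG_LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# The collection endpoint and the per-user object endpoint named in this Werk.
USER_CONFIG_RE = re.compile(
    r"/(?:domain-types/user_config/collections/all|objects/user_config/(?P<user>[^/?]+))(?:\?.*)?$"
)


def summarize_user_config_requests(log_text):
    """Return {client: {"requests": n, "usernames": [...]}} for user_config calls only."""
    per_client = defaultdict(lambda: {"requests": 0, "usernames": set()})
    for line in log_text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore
        u = USER_CONFIG_RE.search(m.group("path"))
        if not u:
            continue  # some other endpoint (e.g. host_config)
        entry = per_client[m.group("client")]
        entry["requests"] += 1
        if u.group("user"):
            entry["usernames"].add(u.group("user"))
    return {c: {"requests": e["requests"], "usernames": sorted(e["usernames"])}
            for c, e in per_client.items()}


def flag_enumeration(log_text, threshold=3):
    """Clients with at least `threshold` user_config requests (threshold is an assumed value)."""
    summary = summarize_user_config_requests(log_text)
    return sorted(c for c, e in summary.items() if e["requests"] >= threshold)


if __name__ == "__main__":
    for client, entry in summarize_user_config_requests(SAMPLE_ACCESS_LOG).items():
        print(client, entry)
    print("flagged:", flag_enumeration(SAMPLE_ACCESS_LOG))
```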
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 4.4 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</tt>.
We assigned CVE-2023-22359 to this vulnerability.
<b>Changes</b>:
When calling any of the following endpoints, a 401 will be returned if
the client user doesn't have permission to read users:
POST /domain-types/user_config/collections/all
PUT /objects/user_config/{username}
DELETE /objects/user_config/{username}