https://skelmis.co.nz/tags/advisories/ Recent content in Advisories on Skelmis Hugo en Mon, 05 Aug 2024 00:00:00 +0000 https://skelmis.co.nz/posts/cve-2024-41808/ Mon, 05 Aug 2024 00:00:00 +0000 https://skelmis.co.nz/posts/cve-2024-41808/ This is a cross post from a research group blog post I made which can be found here OpenObserve vulnerability chain Link to heading TL;DR - OpenObserve deployments using version 0.9.1 or lower are vulnerable to the following privilege escalation chain: A malicious user submits logs via a service which sends logs to an OpenObserve instance. These logs contain malicious content. A site user attempts to create a dashboard, using the logging field containing malicious input. https://skelmis.co.nz/posts/cve-2024-37893/ Tue, 18 Jun 2024 00:00:00 +0000 https://skelmis.co.nz/posts/cve-2024-37893/ TL;DR - Even with MFA enabled on firefly III versions v6.1.16 and lower, an attacker is able to authorize OAuth applications against user accounts using only a username and password. Advisory can be found here. Firefly III is a personal finance manager which is both free and open source for anyone to use. After a recommendation from a colleague, I decided to spin up a version for myself. I configured my Firefly account with a strong password + MFA. https://skelmis.co.nz/posts/cve-2023-41885/ Mon, 18 Sep 2023 00:00:00 +0000 https://skelmis.co.nz/posts/cve-2023-41885/ It started as “bring password hashing inline with industry best practices” and two weeks later ended as “BaseUser.login implementation is vulnerable to time based user enumeration”. So here’s how a PR to bring a package inline with security best practices lead to a CVE. Recently I moved, and am still in the processing of moving my websites to an ORM called Piccolo which provides a nice database layer, batteries included approach to working with FastAPI while allowing me; a former Django developer; the ability to easily build data driven platforms without the need to write SQL.