Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter

SBA Research is a research center for Information Security
funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.

Tag: Security Advisory

SBA Security Advisory – CloudLinux CageFS – Token Disclosure (CVE-2020-36771)

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. We recommend to update CloudLinux CageFS to version 7.1.2-2 or later. For further details, see the full security advisory. Read More

SBA Security Advisory – Shibboleth Identity Provider OIDC OP Plugin – Server-Side Request Forgery (CVE-2022-24129)

Shibboleth Identity Provider OIDC OP plugin 3.0.3 or below is prone to a server-side request forgery (SSRF) vulnerability due to an insufficient restriction of the request_uri parameter. This allows unauthenticated attackers to interact with arbitrary third-party HTTP services. We recommend to update Shibboleth Identity Provider OIDC OP plugin to version 3.0.4 or later. For further details, see the full security advisory. Read More

SBA Security Advisory – WordPress Plugin – Broken Link Checker – Reflected XSS (CVE-2019-16521)

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product. Read More