GHSA-FCW4-WWQM-M8CF

PraisonAI Code agent tools fail open without a workspace boundary

CVE-2024-23897 was a critical arbitrary file read vulnerability in the Jenkins automation server, identified by Sonar's Vulnerability Research and disclosed in the Jenkins security advisory on January 24, 2024, affecting Jenkins weekly up to 2.441 and LTS up to 2.426.2. Jenkins parses built-in CLI command arguments with the args4j library, whose expandAtFiles feature is enabled by default and replaces an argument that begins with an @ character followed by a file path with the contents of that file; because Jenkins never disabled this, an attacker could pass @/path/to/file as a CLI argument to make the controller read and disclose files from its filesystem. Unauthenticated attackers could read the first few lines of arbitrary files, while attackers with Overall/Read permission could read entire files, enabling theft of secrets, SSH keys, and credentials. The leaked binary secret keys could then be chained into full remote code execution by forging Remember-me cookies, abusing Resource Root URLs, bypassing CSRF protection, or decrypting stored secrets. The flaw was added to the CISA KEV catalog on August 19, 2024 and was actively exploited, including by the RansomEXX ransomware gang and the actor IntelBroker, and was linked to breaches at BORN Group and Brontoo Technology Solutions.

CVE-2022-24348 was a high-severity (CVSS 7.7) path traversal vulnerability in Argo CD, the GitOps continuous delivery tool for Kubernetes, discovered by Apiiro and disclosed in early February 2022, affecting Argo CD before 2.1.9 and 2.2.x before 2.2.4. An attacker with permission to create or update Argo CD applications could craft a malicious Kubernetes Helm chart whose values file was a symbolic link pointing outside the repository root, or pass arbitrary values files, so that when Argo CD's Helm chart processing dereferenced the link it read files belonging to other applications on the repo server. This broke the multi-tenant isolation boundary of the CD layer, letting the attacker exfiltrate sensitive data from neighboring tenants, including secrets in encrypted value files decrypted to disk by plugins such as git-crypt or SOPS, and use verbose Helm error messages to enumerate the filesystem. The issue was fixed in Argo CD 2.1.9, 2.2.4, and 2.3.0; it was treated as a zero-day at disclosure but was not associated with named ransomware operators.

Anki's local HTTP server does not sufficiently validate requests

SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field

SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter