Common Weakness Enumeration

CWE-354

Allowed

Improper Validation of Integrity Check Value

Abstraction: Base · Status: Draft

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

231 vulnerabilities reference this CWE, most recent first.

GHSA-6WVF-F2VW-3425

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2025-02-25 18:39
VLAI
Summary
github.com/containers/image allows unexpected authenticated registry accesses
Details

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/image"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.30.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/image/v5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.30.0"
            },
            {
              "fixed": "5.30.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/image/v5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.29.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-3727"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:38:29Z",
    "nvd_published_at": "2024-05-14T15:42:07Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.",
  "id": "GHSA-6wvf-f2vw-3425",
  "modified": "2025-02-25T18:39:25Z",
  "published": "2024-05-14T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3727"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/image/commit/e8948046055060605bd68289d406ce149590c33a"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:0045"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9098"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9102"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9960"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3727"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-6wvf-f2vw-3425"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containers/image"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/image/releases/tag/v5.29.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/image/releases/tag/v5.30.1"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3718"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4159"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4613"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4850"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4960"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:5258"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:5951"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6054"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6122"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6708"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6818"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6824"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:7164"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:7174"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:7182"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:7187"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:7922"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:7941"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:8260"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:8425"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9097"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "github.com/containers/image allows unexpected authenticated registry accesses"
}

GHSA-757V-57MW-8GQ9

Vulnerability from github – Published: 2024-08-08 18:31 – Updated: 2024-08-19 21:35
VLAI
Details

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-08T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system\u0027s hard disk.",
  "id": "GHSA-757v-57mw-8gq9",
  "modified": "2024-08-19T21:35:07Z",
  "published": "2024-08-08T18:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24063"
    },
    {
      "type": "WEB",
      "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7CF5-CV98-V7J6

Vulnerability from github – Published: 2025-12-22 06:30 – Updated: 2026-01-15 21:31
VLAI
Details

Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-22T05:16:18Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.",
  "id": "GHSA-7cf5-cv98-v7j6",
  "modified": "2026-01-15T21:31:42Z",
  "published": "2025-12-22T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11543"
    },
    {
      "type": "WEB",
      "url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11540.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7FJP-X968-HG59

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-06T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package\u0027s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).",
  "id": "GHSA-7fjp-x968-hg59",
  "modified": "2022-05-24T17:41:13Z",
  "published": "2022-05-24T17:41:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9118"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7J39-H6J3-5G47

Vulnerability from github – Published: 2025-11-14 18:31 – Updated: 2025-11-14 18:31
VLAI
Details

An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-14T18:15:47Z",
    "severity": "LOW"
  },
  "details": "An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to revert the browser\u2019s security controls.",
  "id": "GHSA-7j39-h6j3-5g47",
  "modified": "2025-11-14T18:31:39Z",
  "published": "2025-11-14T18:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4616"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4616"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7V42-G35V-XRCH

Vulnerability from github – Published: 2026-02-17 21:29 – Updated: 2026-02-20 16:44
VLAI
Summary
Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass
Details

Impact

An issue was discovered in httpsig-hyper where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison:

if matches!(digest, _expected_digest)

treated _expected_digest as a pattern binding rather than a value comparison, resulting in unconditional success of the match expression.

As a consequence, digest verification could incorrectly return success even when the computed digest did not match the expected value.

Applications relying on Digest verification as part of HTTP message signature validation may therefore fail to detect message body modification. The severity depends on how the library is integrated and whether additional signature validation layers are enforced.


Patches

This issue has been fixed in:

  • httpsig-hyper >= 0.0.23

The fix replaces the incorrect matches! usage with proper value comparison and additionally introduces constant-time comparison for digest verification as defense-in-depth.

Regression tests have also been added to prevent reintroduction of this issue. Users are strongly advised to upgrade to the patched version.


Workarounds

There is no reliable workaround without upgrading. Users who cannot immediately upgrade should avoid relying solely on Digest verification for message integrity and ensure that full HTTP message signature verification is enforced at the application layer.


References

  • PR: https://github.com/junkurihara/httpsig-rs/pull/14
  • Follow-up hardening and test additions: https://github.com/junkurihara/httpsig-rs/pull/15
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "httpsig-hyper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-26275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354",
      "CWE-697"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-17T21:29:34Z",
    "nvd_published_at": "2026-02-19T22:16:46Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nAn issue was discovered in `httpsig-hyper` where Digest header verification could incorrectly succeed due to misuse of Rust\u0027s `matches!` macro. Specifically, the comparison:\n\n```rust\nif matches!(digest, _expected_digest)\n```\n\ntreated `_expected_digest` as a pattern binding rather than a value comparison, resulting in unconditional success of the match expression.\n\nAs a consequence, digest verification could incorrectly return success even when the computed digest did not match the expected value.\n\nApplications relying on Digest verification as part of HTTP message signature validation may therefore fail to detect message body modification. The severity depends on how the library is integrated and whether additional signature validation layers are enforced.\n\n---\n\n### Patches\n\nThis issue has been fixed in:\n\n- `httpsig-hyper` \u003e= 0.0.23\n\nThe fix replaces the incorrect `matches!` usage with proper value comparison and additionally introduces constant-time comparison for digest verification as defense-in-depth.\n\nRegression tests have also been added to prevent reintroduction of this issue. Users are strongly advised to upgrade to the patched version.\n\n---\n\n### Workarounds\n\nThere is no reliable workaround without upgrading. Users who cannot immediately upgrade should avoid relying solely on Digest verification for message integrity and ensure that full HTTP message signature verification is enforced at the application layer.\n\n---\n\n### References\n\n- PR: https://github.com/junkurihara/httpsig-rs/pull/14\n- Follow-up hardening and test additions: https://github.com/junkurihara/httpsig-rs/pull/15",
  "id": "GHSA-7v42-g35v-xrch",
  "modified": "2026-02-20T16:44:04Z",
  "published": "2026-02-17T21:29:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/junkurihara/httpsig-rs/security/advisories/GHSA-7v42-g35v-xrch"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26275"
    },
    {
      "type": "WEB",
      "url": "https://github.com/junkurihara/httpsig-rs/pull/14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/junkurihara/httpsig-rs/pull/15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/junkurihara/httpsig-rs/commit/5533f596c650377e02f4aa9e3eb8dba591b87370"
    },
    {
      "type": "WEB",
      "url": "https://github.com/junkurihara/httpsig-rs/commit/65cbd19b395180a4bba09a89746c4b14ccb8d297"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/junkurihara/httpsig-rs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass"
}

GHSA-8477-3V39-GGPM

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-06-28 23:51
VLAI
Summary
Improper Validation of Integrity Check Value in Bouncy Castle
Details

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk15on"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.50"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-5382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-28T23:51:50Z",
    "nvd_published_at": "2018-04-16T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type \"BKS-V1\" was introduced in 1.49. It should be noted that the use of \"BKS-V1\" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself.",
  "id": "GHSA-8477-3v39-ggpm",
  "modified": "2022-06-28T23:51:50Z",
  "published": "2022-05-13T01:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5382"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2927"
    },
    {
      "type": "WEB",
      "url": "https://www.bouncycastle.org/releasenotes.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/306792"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Validation of Integrity Check Value in Bouncy Castle"
}

GHSA-8H22-6QWX-Q4W9

Vulnerability from github – Published: 2024-10-04 18:31 – Updated: 2024-11-05 18:34
VLAI
Summary
OpenStack Ironic fails to verify checksums of supplied image_source URLs
Details

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ironic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "25.0.0"
            },
            {
              "fixed": "26.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ironic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "23.1.0"
            },
            {
              "fixed": "24.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ironic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "22.0.0"
            },
            {
              "fixed": "23.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ironic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "21.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-04T20:31:16Z",
    "nvd_published_at": "2024-10-04T18:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.",
  "id": "GHSA-8h22-6qwx-q4w9",
  "modified": "2024-11-05T18:34:25Z",
  "published": "2024-10-04T18:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47211"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/ironic/commit/2127cc4c93770778457fde0582c1bba258c67e02"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/ironic/commit/7a1292c569a84eb05806a57a89fca5bb6b0c4043"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/ironic/commit/ebce0fd0845de411171127a55002ae7c9605de57"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/ironic"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/ironic/compare/24.1.2...26.1.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/ironic/security"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/ironic/tags"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2024-004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenStack Ironic fails to verify checksums of supplied image_source URLs"
}

GHSA-8H86-HHCQ-M432

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:01
VLAI
Details

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally.
Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11753"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-27T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. \u003cbr\u003e*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox \u003c 69, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
  "id": "GHSA-8h86-hhcq-m432",
  "modified": "2024-04-04T02:01:49Z",
  "published": "2022-05-24T16:57:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11753"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1574980"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-25"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-26"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-27"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8J32-QM4M-RQJW

Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-17 00:01
VLAI
Details

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-05T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
  "id": "GHSA-8j32-qm4m-rqjw",
  "modified": "2022-05-17T00:01:47Z",
  "published": "2022-05-06T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25946"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K52322100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.

CAPEC-145: Checksum Spoofing

An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.