Privilege Escalation in Edit and Create Secret Endpoints Leads to Unauthorized Secret Modification

Bug reported by Ahmed Esmail was disclosed at April 24, 2025, 6:43 am   |   Improper Access Control - Generic

The vulnerability allows a user with the Builder role to list all existing secret names, create new secrets, and overwrite existing secrets by using the same name. This behavior violates permission boundaries and leads to privilege escalation and unauthorized access to sensitive data.

Non-Production API Endpoints for the ssm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

Bug reported by Nick Frichette (Datadog) was disclosed at April 24, 2025, 1:39 am   |   Insufficient Logging

The non-production API endpoints for the ssm service were found to fail to log to CloudTrail, resulting in silent permission enumeration. Eighteen non-production endpoints were identified that can be used with standard IAM credentials without generating CloudTrail logs.

Groups module can halt chain when handling a proposal with malicious group weights

Bug reported by William Bowling was disclosed at April 23, 2025, 11:00 pm   |  

The Cosmos SDK's groups module contained a vulnerability that could cause a chain to halt when handling a proposal with malicious group weights. The issue was triggered by a division operation that could fail due to the exponent of the resulting value being out of range, leading to a panic and chain halt. This was possible because there were no limits on group member weights, allowing the creation of malicious weights that could trigger the vulnerability.

UI flaw allows unauthorized users to add documents to restricted folders

Bug reported by Karim Belfodil was disclosed at April 23, 2025, 7:26 pm   |   Improper Access Control - Generic

The UI flaw allowed unauthorized users to add documents to restricted folders. The vulnerability bypassed intended permissions and could lead to unauthorized access or data integrity issues.

Unauthorized Table Creation by Member

Bug reported by B moussa was disclosed at April 23, 2025, 7:06 pm   |   Improper Access Control - Generic

The member user was able to create tables inside restricted company data spaces, despite the UI indicating that only workspace builders (admins) should be allowed. The "Add Data" button appeared disabled in the UI, but it was still interactable and functional, allowing the member to successfully create and save a new table.

Remote memory exhaustion in Epee RPC stack under zero Receive Window

Bug reported by sagewilder2022 was disclosed at April 23, 2025, 1:53 pm   |   Uncontrolled Resource Consumption

The Epee RPC stack in Monero was vulnerable to memory exhaustion attacks. Delayed ACK or zero Receive Window advertisements could cause the server to keep responses in the send queue until memory was exhausted. This could lead to remote crashes of Monero nodes that exposed their RPC interfaces.