resolved
Privilege Escalation in Edit and Create Secret Endpoints Leads to Unauthorized Secret Modification
Bug reported by Ahmed Esmail was disclosed on April 24, 2025, 6:43 am | Improper Access Control - Generic
The vulnerability allows a user with the Builder role to list all existing secret names, create new secrets, and overwrite existing secrets by using the same name. This behavior violates permission boundaries and leads to privilege escalation and unauthorized access to sensitive data.
resolved
Non-Production API Endpoints for the ssm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Bug reported by Nick Frichette (Datadog) was disclosed on April 24, 2025, 1:39 am | Insufficient Logging
The non-production API endpoints for the ssm service were found to fail to log to CloudTrail, resulting in silent permission enumeration. Eighteen non-production endpoints were identified that can be used with standard IAM credentials without generating CloudTrail logs.
resolved
Groups module can halt chain when handling a proposal with malicious group weights
Bug reported by William Bowling was disclosed on April 23, 2025, 11:00 pm |
The Cosmos SDK's groups module contained a vulnerability that could cause a chain to halt when handling a proposal with malicious group weights. The issue was triggered by a division operation that could fail due to the exponent of the resulting value being out of range, leading to a panic and chain halt. This was possible because there were no limits on group member weights, allowing the creation of malicious weights that could trigger the vulnerability.
resolved
UI flaw allows unauthorized users to add documents to restricted folders
Bug reported by Karim Belfodil was disclosed on April 23, 2025, 7:26 pm | Improper Access Control - Generic
The UI flaw allowed unauthorized users to add documents to restricted folders. The vulnerability bypassed intended permissions and could lead to unauthorized access or data integrity issues.
resolved
Unauthorized Table Creation by Member
Bug reported by B moussa was disclosed on April 23, 2025, 7:06 pm | Improper Access Control - Generic
The member user was able to create tables inside restricted company data spaces, despite the UI indicating that only workspace builders (admins) should be allowed. The "Add Data" button appeared disabled in the UI, but it was still interactable and functional, allowing the member to successfully create and save a new table.
resolved
Remote memory exhaustion in Epee RPC stack under zero Receive Window
Bug reported by sagewilder2022 was disclosed on April 23, 2025, 1:53 pm | Uncontrolled Resource Consumption
The Epee RPC stack in Monero was vulnerable to memory exhaustion attacks. Delayed ACK or zero Receive Window advertisements could cause the server to keep responses in the send queue until memory was exhausted. This could lead to remote crashes of Monero nodes that exposed their RPC interfaces.