
Alerts

TZCERT-SU-24-0210 (IBM Security Update)

IBM has released security updates to address vulnerabilities in multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review IBM Security Advisories dated 27th February 2024 and apply necessary updates.

XSS vulnerability in the LiteSpeed Cache plugin for WordPress (CVE-2023-40000)

Advisory No: TZCERT/SA/2024/02/29

Date of First Release: 28th February 2024

Source: securityaffairs

Software Affected:

  • LiteSpeed Cache plugin for WordPress

Overview:

The LiteSpeed Cache plugin for WordPress is affected by a vulnerability, tracked as CVE-2023-40000, that allows unauthenticated site-wide stored XSS. A remote attacker can exploit the vulnerability to steal sensitive information or gain escalated privileges on the WordPress site.

Description:

The LiteSpeed Cache plugin (free version), a popular WordPress caching plugin with over 4 million active installations, is vulnerable because of the way it handles user input: it neither sanitizes the input nor escapes the output. The vulnerability resides in the function ‘update_cdn_status’, where an HTML value for the admin notice message is constructed directly from a POST body parameter. Successful exploitation allows unauthenticated stored XSS, leading to theft of sensitive information or privilege escalation on the WordPress site with a single HTTP request.
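The bug class described above, as a constructed illustration (not the LiteSpeed Cache plugin's own code): an admin notice built from a POST parameter and stored for later display, first in the unsafe form and then hardened with an authorisation check, a nonce check, input sanitisation and output escaping using standard WordPress functions. Function and parameter names are hypothetical; the hook that routes the POST to the handler is assumed to exist elsewhere.

```php
<?php
// Constructed example of the stored-XSS pattern described in the advisory.
// Not the LiteSpeed Cache plugin's code; function names are hypothetical.

// BEFORE (vulnerable pattern): raw request value becomes HTML in a stored notice.
function example_cdn_status_notice_vulnerable() {
    // No capability or nonce check, and the POST value is stored verbatim.
    $msg = isset( $_POST['status_msg'] ) ? $_POST['status_msg'] : '';
    set_transient( 'example_cdn_notice', $msg, HOUR_IN_SECONDS );
}

function example_render_notice_vulnerable() {
    $msg = get_transient( 'example_cdn_notice' );
    if ( $msg ) {
        // The stored value is printed as raw HTML to every admin who loads the dashboard.
        echo '<div class="notice notice-info"><p>' . $msg . '</p></div>';
    }
}

// AFTER (hardened): authorise the request, sanitize on input, escape on output.
function example_cdn_status_notice_fixed() {
    // Only a privileged user holding a valid nonce may set the notice.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'example_cdn_status' );

    // Strip tags and control characters before the value is stored.
    $msg = isset( $_POST['status_msg'] )
        ? sanitize_text_field( wp_unslash( $_POST['status_msg'] ) )
        : '';
    set_transient( 'example_cdn_notice', $msg, HOUR_IN_SECONDS );
}

function example_render_notice_fixed() {
    $msg = get_transient( 'example_cdn_notice' );
    if ( $msg ) {
        // esc_html() neutralises markup at output time regardless of what was stored,
        // so the notice stays safe even if an older unsanitised value is still present.
        echo '<div class="notice notice-info"><p>' . esc_html( $msg ) . '</p></div>';
    }
}

add_action( 'admin_notices', 'example_render_notice_fixed' );
```

Escaping at output is the control that matters most here: input sanitisation alone can be bypassed by any other code path that writes to the same option or transient.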

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information.

Solution:

WordPress has released a security update to resolve this vulnerability. Users and administrators are encouraged to update as soon as possible.

References:

  1. https://securityaffairs.com/159667/hacking/litespeed-cache-plugin-xss.html

TZCERT-SU-24-0207 (GitLab Security Update)

GitLab has released security updates to address vulnerabilities in GitLab Releases 16.9.1, 16.8.3 and 16.7.6. Exploitation of these vulnerabilities may allow an attacker to gain escalated privileges.

Users and administrators are encouraged to review the GitLab Security Advisory and apply the necessary updates.