REDLEGG BLOG

Emergency Vulnerability Bulletin - 02/06/23

2/6/23 4:53 PM  |  by RedLegg Blog

About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.

RedLegg will include a brief description of the vulnerability, whether an active exploit or proof of concept (POC) exists, and a link to an update, if one exists. If no update exists, we will provide remediation or mitigation suggestions to limit each vulnerability's risk.

VULNERABILITIES

OpenSSH Pre-Authentication Double-Free Vulnerability

Identifier: CVE-2023-25136
Exploit or POC: No
Update: Affected products have reached end-of-life (EoL). Vendor will not be releasing updates for the indicated vulnerability. See Cisco Security Advisories for more information:  https://www.openssh.com/releasenotes.html

Description: CVE-2023-25136 is a double-free memory fault that occurs during handling of options.kex_algorithms. Authentication is not required for successful exploitation. The vulnerability lies in the unprivileged pre-authentication process, which is subject to chroot and is further sandboxed on most major platforms.

Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.



Jira Service Management Server & Data Center Broken Authentication Vulnerability

Identifier: CVE-2023-22501
Exploit or POC: No

Update: https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-2023-02-01-1188786458.html

Description: CVE-2023-22501 is a broken authentication vulnerability. Successful exploitation could allow an adversary to impersonate a targeted user in order to gain access to a Jira Service Management instance under certain conditions. An adversary with write access to a User Directory, on an instance with outgoing email enabled, could obtain the signup tokens sent to user accounts that have never been logged into. The adversary can obtain such a token in two cases:
  • If the adversary is included on Jira issues or requests with these users.
  • If the adversary is forwarded, or otherwise gains access to, emails containing a "View Request" link from these users.

Single sign-on customers with external accounts may also be impacted in projects where anyone has account-creation permissions. Bot accounts are particularly susceptible in this scenario.

Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
