Product update: Dynamic API Scanning, Recommendations & Classifications, and more
We know the importance of staying ahead of threats. At Detectify, we’re committed to providing you with the tools you need to secure your applications …
Detectify
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users.
The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
We added these tests to the Detectify scanner from August 31 – September 4.
This module checks if WordPress sites have directory listing enabled for the backup directory used by File Manager. If enabled, an attacker will be able to list all files and sub-directories in the backup directory, which can lead to sensitive data exposure.
An authentication bypass vulnerability exists in MobileIron Core and Connector versions 10.6 and earlier that allows remote attackers to bypass the authentication mechanism. This would allow attackers to access services and the admin panel.
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. This would allow an attacker to reach systems on the same intranet as the affected application.
A number of Information Disclosure 0-days in Atlassian Confluence plugins have been released: Jira Workflow Toolbox, Linchpin Enterprise News, and Space Admin for Confluence.
A number of Information Disclosure 0-days in Atlassian Jira plugins have been released: Helix ALM for Jira, OBSS Jira Admin Tools, and Surveys for Jira.
This module searches for a remote code execution vulnerability in the WordPress plugin File Manager.
This module looks for Google Cloud ignore files. The .gcloudignore file contains paths that should be excluded when building the program. These paths can disclose the location of various build secrets.
This module looks for exposed Google Compute Engine private keys. The private key may be used to interact with the service to which it belongs.
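The two Google Cloud items above (a .gcloudignore file whose entries point at secret locations, and a private key left where a web server can serve it) are both things a team can check for itself before deploying. The following is an added example written for this post, not Detectify's scanner code: it parses a .gcloudignore file (skipping comments and following the `#!include:` directive), flags entries whose names suggest secret material, and scans a set of files for PEM private-key blocks. The keyword list and the sample deployment tree are constructed for illustration.

```python
"""Pre-deploy audit for .gcloudignore hints and exposed PEM private keys.

Added example, not Detectify's scanner code. All inputs below are constructed.
"""
import re

# Path fragments treated as hints that an ignored path holds secrets.
# This list is an assumption for illustration, not a published signature.
SECRET_HINTS = ("key", "secret", "credential", "token", ".env",
                "password", ".pem", ".p12")

# Matches any PEM private-key block; the backreference makes the END line
# agree with the BEGIN line (e.g. "RSA PRIVATE KEY", "EC PRIVATE KEY").
PEM_PRIVATE_KEY = re.compile(
    r"-----BEGIN (?P<kind>[A-Z ]*PRIVATE KEY)-----.*?-----END (?P=kind)-----",
    re.DOTALL,
)


def parse_gcloudignore(text):
    """Return (patterns, includes) from a .gcloudignore body.

    Blank lines and '#' comments are skipped. The '#!include:<file>' directive,
    which pulls in another ignore file (typically .gitignore), is collected
    separately so the caller can follow it."""
    patterns, includes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#!include:"):
            includes.append(line[len("#!include:"):].strip())
            continue
        if line.startswith("#"):
            continue
        patterns.append(line)
    return patterns, includes


def secret_hint_entries(patterns):
    """Ignore entries whose path names suggest secret material."""
    return [p for p in patterns
            if any(h in p.lower() for h in SECRET_HINTS)]


def find_private_keys(files):
    """Map filename -> list of PEM private-key kinds found in its content."""
    found = {}
    for name, content in files.items():
        kinds = [m.group("kind") for m in PEM_PRIVATE_KEY.finditer(content)]
        if kinds:
            found[name] = kinds
    return found


def audit(files):
    """Run both checks over a path -> contents mapping of a deployment tree."""
    patterns, includes = parse_gcloudignore(files.get(".gcloudignore", ""))
    return {
        "ignored_secret_hints": secret_hint_entries(patterns),
        "included_ignore_files": includes,
        "private_keys": find_private_keys(files),
    }


# Constructed sample deployment tree; the key body is placeholder text.
SAMPLE_FILES = {
    ".gcloudignore": (
        "# Default entries created by gcloud\n"
        ".gcloudignore\n.git\n.gitignore\n"
        "#!include:.gitignore\n"
        "# local config\n"
        "config/gce-service-account.pem\n"
        "secrets/\n"
        "node_modules/\n"
    ),
    "config/gce-service-account.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "PLACEHOLDER-NOT-A-REAL-KEY\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "README.md": "# demo app\n",
}

if __name__ == "__main__":
    for section, value in audit(SAMPLE_FILES).items():
        print(f"{section}: {value}")
```

The useful output is the combination: an entry such as `config/gce-service-account.pem` in .gcloudignore keeps the key out of the Cloud Build upload, but the ignore file itself tells a reader exactly where to look, and the key is still present in the tree. Treat both findings as reasons to move the key out of any directory a web server can reach and to stop serving dotfiles.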
An XSS vulnerability exists in the Oracle WebCenter Help Page. An attacker will be able to inject arbitrary HTML on the affected site and can run arbitrary JavaScript under the origin.