Publish Advisories

GHSA-q5hg-wppq-r2cc
GHSA-xrv8-2pf5-f3q7
GHSA-q5hg-wppq-r2cc

Author: advisory-database[bot]

advisories/github-reviewed/2025/12/GHSA-q5hg-wppq-r2cc/GHSA-q5hg-wppq-r2cc.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q5hg-wppq-r2cc",
+  "modified": "2025-12-05T18:58:59Z",
+  "published": "2025-12-04T15:30:33Z",
+  "aliases": [
+    "CVE-2025-65346"
+  ],
+  "summary": "alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality",
+  "details": "alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "alexusmai/laravel-file-manager"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.3.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65346"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Theethat-Thamwasin/CVE-2025-65346"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/alexusmai/laravel-file-manager"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-12-05T18:58:07Z",
+    "nvd_published_at": "2025-12-04T15:15:59Z"
+  }
+}

advisories/github-reviewed/2025/12/GHSA-xrv8-2pf5-f3q7/GHSA-xrv8-2pf5-f3q7.json

@@ -0,0 +1,79 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xrv8-2pf5-f3q7",
+  "modified": "2025-12-05T18:57:55Z",
+  "published": "2025-12-05T18:57:55Z",
+  "aliases": [],
+  "summary": "nitro-tpm-pcr-compute may allow kernel command line modification by an account operator",
+  "details": "## Summary\n\nAdding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation.\n\nAttestable AMIs are based on the systemd Unified Kernel Image (UKI) concept which uses systemd-boot to create a single measured UEFI binary from a Linux kernel, its initramfs, and kernel command line. The embedded kernel command line contains a dm-verity hash value that establishes trust in the root file system.\n\nWhen UEFI Secure Boot is disabled, systemd-boot appends any command line it receives to the kernel command line. Account operators with the ability to modify UefiData can install a boot variable with a command line that deactivates root file system integrity validation, while preserving the original PCR4 value.\n\nSystemd-boot provides separate measurement of command line modifications in PCR12.\n\n## Impact\n\nIn line with the TPM 2.0 specification and systemd-stub logic, KMS policies that do not include validation for PCR12 (command line measurement) or PCR7 (enabled Secure Boot) may allow kernel command line modification by an account operator.\n\n## Patches \n\nVersion 1.1.0 of nitro-tpm-pcr-compute has been updated to include PCR12 with a static zero value. The updated tool now outputs PCR12 in the JSON measurements:\n\n```json\n{\n  \"Measurements\": {\n    \"HashAlgorithm\": \"SHA384\",\n    \"PCR4\": \"<hex string>\",\n    \"PCR7\": \"<hex string>\",\n    \"PCR12\": \"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\"\n  }\n}\n```\n\n## Workarounds\n\nFor users who cannot upgrade to version 1.1.0 of nitro-tpm-pcr-compute immediately, the following workarounds are available:\n\n1. **Manually add PCR12 to KMS policies:** Add PCR12 with a static zero value to your AWS KMS key policies:\n\n```txt\nkms:RecipientAttestation:NitroTPMPCR12:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\n```\n\n2. **Enable and validate UEFI Secure Boot:** Configure your Attestable AMI to use UEFI Secure Boot and validate its enablement via PCR7 in your KMS policy. When UEFI Secure Boot is active, the command line cannot be overwritten.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "crates.io",
+        "name": "nitro-tpm-pcr-compute"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.1.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/aws/nitrotpm-attestation-samples/security/advisories/GHSA-xrv8-2pf5-f3q7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/attestable-ami.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aws/NitroTPM-Tools"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aws/NitroTPM-Tools/blob/main/CHANGELOG.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aws/NitroTPM-Tools/releases/tag/v1.1.0"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/aws/nitrotpm-attestation-samples"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-12-05T18:57:55Z",
+    "nvd_published_at": null
+  }
+}