CVE-2022-3251 Cookie in HTTPS session without 'secure' attribute in GitHub repository ikus060/minarca before 4.2.2.

This issue has been patched in 4.2.2, Keep in mind that 4.2.2 is still in development, so not all of the bugs have been fixed. You can check the list of fixed 4.2.2 issues on GitHub. You can read more about the new features in 4.2.2 on the official website.

Installation and Upgrade Instructions

You can find the .deb package for your Linux distribution on the Raspberry Pi website. In order to upgrade from 4.1 to 4.2, uninstall 4.1 using either apt-get or your operating system's built-in package manager, then install 4.2 using apt-get or your operating system's built-in package manager. For example:

sudo apt-get remove raspbian*
sudo apt-get update && sudo apt-get upgrade

Installation and configuration of firewall

The installation of Firewall is easy. First, you will need to download the software from the official website. Once you have downloaded the software and have it installed on your computer, you should configure it by following the steps on this page.

Summary of the 4.2.2 MongoDB security update

The 4.2.2 security update for MongoDB fixes many bugs, including a critical vulnerability in the authenticated encryption functionality (CVE-2022-3251).
This vulnerability is triggered when a client sends an encrypted request with an incorrect length value in the key field. If the response to the request contains this faulty payload, then it will be decrypted with incorrect data. This allows an attacker to impersonate other users and decrypt confidential information. A fix has been implemented in 4.2.2, so you should update your database as soon as possible!

Keep your finger on the pulse of the 4.2.2 development

If you're a developer, it's important to keep up with what's going on in the 4.2.2 development branch. This way, you can benefit from bug fixes found in the latest version of WordPress and avoid potential security issues like CVE-2022-3251.
The following steps will help you stay updated on 4.2.2 development:
- Follow @wordpressdev on Twitter
- Check out the dev mailing list
- Subscribe to WP Weekly newsletters from our blog

4.2.2 – Features at a glance

In 4.2.2, there are a few new features. One of them is the option to hide or show your email address on the contact page. Another important feature is that we now have a hidden menu in the navigation bar with quick links to our support forum and community portal. Other minor changes include some visual improvements to our theme and CSS, as well as some bug fixes in the source code of each plugin.
I recommend updating to 4.2.2 if you're currently using it or have updated recently though; otherwise, there might be some glitches you didn't notice before.

Timeline

Published on: 09/21/2022 17:15:00 UTC
Last modified on: 09/23/2022 16:56:00 UTC

References

• https://github.com/ikus060/minarca/commit/7b5c7e6cbd59268d5cd4f1b5f42e721db116f71a
• https://huntr.dev/bounties/b9a1b411-060b-4235-9426-e39bd0a1d6d9
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3251