Package Instance

Weblate: Improper access control for pending tasks in API
### Impact
The API for tasks didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope.

### Patches
* https://github.com/WeblateOrg/weblate/pull/18515

### Workarounds
The attacker needs to guess the random UUID of the task, so exploiting this is unlikely with the default API rate limits.

### References
This issue was identified by Michal Čihař.

Weblate Doesn't Invalidate API Token on Password Change
### Impact
When a user changes their password, browser sessions are correctly invalidated via `cycle_session_keys()`, but DRF API tokens (`wlu_*` prefix) stored in `authtoken_token` are not revoked.

### Patches
* https://github.com/WeblateOrg/weblate/pull/19057

### Resources
Weblate thanks Sang Yu Jeon for reporting this via GitHub.

Weblate has an argument injection in management console
The SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`.

Weblate: Arbitrary File Read via Symlink
### Impact

The ZIP download feature didn't verify downloaded file and it could follow symlinks outside the repository.

### Patches

* https://github.com/WeblateOrg/weblate/pull/18683

### References

Thanks to @DavidCarliez for reporting this vulnerability via GitHub.

Weblate has an arbitrary file read via symbolic links
It was possible to read arbitrary files from the server file system using crafted symbolic links in the repository.

Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
### Impact
An authenticated user with `project.add` permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose `components/<name>.json` contains an attacker-chosen `repo` URL pointing at a **private address** (e.g. `http://127.0.0.1:9999/`) or using a **non-allow-listed scheme** (e.g. `file://`, `git://`). Weblate persists the component via `Component.objects.bulk_create([component])[0]`, which bypasses Django's `full_clean()` and therefore never runs the `validate_repo_url` validator. The URL is subsequently written verbatim into `.git/config` by `configure_repo(pull=False)`.

### Patches
* https://github.com/WeblateOrg/weblate/pull/19061
* https://github.com/WeblateOrg/weblate/pull/19062 

### Workarounds
Limiting who can create projects limits the scope.

### Resources
Weblate thanks @fg0x0 for reporting this vulnerability via GitHub.

Weblate: SSRF via Project-Level Machinery Configuration
### Impact
A user with the `project.edit` permission (granted by the per-project "Administration" role) can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflects up to 200 characters of the response body back to the user in an error message. This constitutes a Server-Side Request Forgery (SSRF) with partial response read.

### Patches

* https://github.com/WeblateOrg/weblate/pull/18684
* The solution then has been cleaned up in followup patches

### Workarounds
Limiting available machinery services via WEBLATE_MACHINERY setting can avoid this.

### References

Thanks to @DavidCarliez for disclosing this via GitHub private vulnerability reporting.

Weblate lacks rate limiting when verifying second factor
The verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing.

Weblate has improper validation upon invitation acceptance
It was possible to accept an invitation opened by a different Weblate user.