Users of the popular open-source DevOps automation software StackStorm are advised to update to the recently released 2.10.3 and 2.9.3 versions, which address a critical vulnerability (CVE-2019-9580) in the platform that could allow remote attackers to perform arbitrary commands on targeted servers.
StackStorm, an event-driven DevOps automation tool, enables developers to set up scheduled tasks as well as construct specific actions and workflows for large-scale servers. For StackStorm to do all these tasks on behalf of remote servers handled by its agent, it requires high-privilege access to systems — something an attacker can exploit.
The vulnerability was found by application security researcher Barak
Prior to the release of the updated versions, the StackStorm API would pull up a “null” result if the origin of the request using the Access-Control-Allow-Origin header was unknown — thus, opening up the API to cross-site scripting (XSS) style attacks.
As reported by The Hacker News, because the vulnerability enables web browsers to perform cross-domain requests on behalf of developers authenticated to the StackStorm Web UI, cybercriminals can abuse it by sending a malicious link to a victim. An attacker can then take over any server and read, update, and create actions and workflows, get internal IP information, as well as execute commands on StackStorm-accessible machines.
Trend Micro Solutions
Security solutions support DevOps processes by mitigating the potential impact of vulnerabilities in and threats to DevOps automation software like StackStorm. The Trend Micro™ Hybrid Cloud Security solution, for example, provides threat defense for safeguarding runtime physical, virtual, and cloud workloads, and containers as well as scanning of container images during development phases.
Trend Micro helps DevOps teams to build securely, ship fast, and run anywhere. The Trend Micro Hybrid Cloud Security solution provides powerful, streamlined, and automated security within the organization’s DevOps pipeline and delivers multiple XGen™ threat defense techniques for protecting runtime physical, virtual, and cloud workloads. It also adds protection for containers via Deep Security™ solution and Deep Security Smart Check, which scans container images for malware and vulnerabilities at any interval in the development pipeline to prevent threats before they are deployed.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale