StackStorm DevOps Software Vulnerability CVE-2019-9580 Allows Remote Code Execution

Popular open-source DevOps automation software StackStorm was reported to have a critical vulnerability that could allow remote attackers to perform arbitrary commands on targeted servers.

Users of the popular open-source DevOps automation software StackStorm are advised to update to the recently released 2.10.3 and 2.9.3 versions, which address a critical vulnerability (CVE-2019-9580) in the platform that could allow remote attackers to perform arbitrary commands on targeted servers.

StackStorm, an event-driven DevOps automation tool, enables developers to set up scheduled tasks as well as construct specific actions and workflows for large-scale servers. For StackStorm to do all these tasks on behalf of remote servers handled by its agent, it requires high-privilege access to systems — something an attacker can exploit.

The vulnerability was found by application security researcher Barak Tawily. According to his blog, the flaw lies in the manner in which StackStorm’s REST API deals with cross-origin resource sharing (CORS) headers. The Access-Control-Allow-Origin header pinpoints which domains can access a site’s resources. This header could also let malicious sites access those same resources in a cross-site tactic if it is left improperly configured.

Prior to the release of the updated versions, the StackStorm API would pull up a “null” result if the origin of the request using the Access-Control-Allow-Origin header was unknown — thus, opening up the API to cross-site scripting (XSS) style attacks.

As reported by The Hacker News, because the vulnerability enables web browsers to perform cross-domain requests on behalf of developers authenticated to the StackStorm Web UI, cybercriminals can abuse it by sending a malicious link to a victim. An attacker can then take over any server and read, update, and create actions and workflows, get internal IP information, as well as execute commands on StackStorm-accessible machines.

Trend Micro Solutions

Security solutions support DevOps processes by mitigating the potential impact of vulnerabilities in and threats to DevOps automation software like StackStorm. The Trend Micro Hybrid Cloud Security solution, for example, provides threat defense for safeguarding runtime physical, virtual, and cloud workloads, and containers as well as scanning of container images during development phases.

Trend Micro helps DevOps teams to build securely, ship fast, and run anywhere. The Trend Micro Hybrid Cloud Security solution provides powerful, streamlined, and automated security within the organization’s DevOps pipeline and delivers multiple XGen™ threat defense techniques for protecting runtime physical, virtual, and cloud workloads. It also adds protection for containers via Deep Security solution and Deep Security Smart Check, which scans container images for malware and vulnerabilities at any interval in the development pipeline to prevent threats before they are deployed.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.