CISA warns of remote code execution vulnerability with Discourse

Oct, 26, 2021 Hi-network.com


In a notice sent out on Sunday, CISA urged developers to update Discourse installations running version 2.7.8 and earlier, warning that the remote code execution vulnerability has been rated "critical."

The issue was patched on Friday, and developers explained that CVE-2021-41163 involved "a validation bug in the upstream aws-sdk-sns gem" that could "lead to RCE in Discourse via a maliciously crafted request."

Developers noted that, to work around the issue without updating, "requests with a path starting /webhooks/aws could be blocked at an upstream proxy."
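The interim mitigation above amounts to a path-prefix rule at the reverse proxy. The following is an added example, not code from the article or from the Discourse project: it models that rule in Python, normalises the request target before matching (a proxy rule that compares the raw string can miss percent-encoded or dot-segment spellings of the same path), and scans access-log lines for requests that would have matched, which is the check an operator would want when deciding whether the endpoint was reached before the rule or the patch went in. The prefix is the one quoted from the advisory; the log lines and client addresses are constructed samples.

```python
"""Model of the /webhooks/aws proxy block described in the Discourse advisory,
plus an access-log scan for requests that would have matched the rule.
Added example; the log lines below are constructed, not real traffic."""
import re
from posixpath import normpath
from urllib.parse import unquote

# Path prefix named in the Discourse workaround for CVE-2021-41163.
BLOCKED_PREFIX = "/webhooks/aws"


def normalize_path(raw_target: str) -> str:
    """Reduce a request target to a canonical path for prefix matching.

    Drops the query string and fragment, percent-decodes, resolves ./ and ../
    segments and collapses repeated slashes. A proxy rule that compares the
    raw string would not treat /webhooks/%61ws and /webhooks/aws alike.
    """
    path = raw_target.split("?", 1)[0].split("#", 1)[0] or "/"
    path = unquote(path)
    path = normpath(path)               # resolves dot segments, collapses //
    path = re.sub(r"^/+", "/", path)    # normpath keeps a POSIX double leading slash
    if not path.startswith("/"):
        path = "/" + path
    return path


def should_block(raw_target: str) -> bool:
    """True if the proxy rule from the advisory should reject this target."""
    return normalize_path(raw_target).startswith(BLOCKED_PREFIX)


# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_webhook_hits(log_lines):
    """Return (client ip, timestamp, raw target) for each request that the
    block rule would have matched. Lines that do not parse are skipped."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and should_block(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"), m.group("target")))
    return hits


# Constructed sample log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Oct/2021:10:01:12 +0000] "GET /latest.json HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Oct/2021:10:02:03 +0000] "POST /webhooks/aws HTTP/1.1" 200 44 "-" "Amazon Simple Notification Service Agent"',
    '198.51.100.9 - - [22/Oct/2021:10:02:40 +0000] "POST /webhooks/%61ws?x=1 HTTP/1.1" 200 44 "-" "curl/7.79.1"',
    '198.51.100.9 - - [22/Oct/2021:10:03:15 +0000] "POST //webhooks/../webhooks/aws HTTP/1.1" 200 44 "-" "curl/7.79.1"',
    '203.0.113.5 - - [22/Oct/2021:10:04:00 +0000] "GET /webhooks/mailgun HTTP/1.1" 404 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, target in find_webhook_hits(SAMPLE_LOG):
        print(f"{ts} {ip} {target}")
```

Run against a real access log by replacing `SAMPLE_LOG` with the file's lines; any hit with a 200 status from a client that is not the expected SNS source is worth a closer look, and a proxy rule should be written against the normalised path rather than the raw request string for the reason shown by the third and fourth sample lines.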

The popular open source discussion platform attracts millions of users every month, prompting the message from CISA urging updates to be pushed through. 

Researchers have detailed the finer points of the problem in blog posts and reported the issue to Discourse, which did not respond to requests for comment. 

BleepingComputer conducted a search on Shodan that found all Discourse SaaS instances have been patched. 

Saryu Nayyar, CEO of cybersecurity company Gurucul, said Discourse "continues to make news after researchers discovered a vulnerability that enabled attackers to invoke OS commands at the Administrator level." 

"It's critically important for both systems administrators and individual users to keep up with security information from software providers and to install patches promptly. We can't rely on Microsoft or other OS vendors to automatically push patches to our systems. Users of Discourse software should test and install this patch as their most important priority," Nayyar said. 

"Most user computers don't have computer admin access. If the only admin access on a computer is through the network administrator account, if you can execute using admin access, hackers have the potential to send a command that can compromise the entire network."

Haystack Solutions CEO Doug Britton said the vulnerability is dangerous because it can be exploited remotely without the attacker already being an authenticated user on the victim server.

"Level 10 bugs are undoubtedly the most serious vulnerabilities. Discourse is a major communications platform," Britton said. 
