Organizations Warned of Critical Vulnerability in Backstage Developer Portal Platform

By Orbit Brain, November 15, 2022

By Eduard Kovacs on November 15, 2022

Backstage, an open platform for building developer portals, is affected by a critical vulnerability whose exploitation could have a severe impact on a targeted enterprise, according to cloud-native application security firm Oxeye.

Backstage was developed by Spotify and donated to the Cloud Native Computing Foundation. It provides a catalog for managing all of the user's software, software templates to make it easier to create projects, and open source plugins that can be used to extend its customizability and functionality. The platform is used by many major organizations, including Netflix, American Airlines, Doordash, Palo Alto Networks, HP, Siemens, LinkedIn, and Booz Allen Hamilton.

Backstage is affected by a critical vulnerability related to a security hole found earlier this year by Oxeye in the popular sandbox library VM2. The VM2 flaw, dubbed SandBreak and tracked as CVE-2022-36067, can allow a remote attacker to escape the sandbox and execute arbitrary code on the host.

Backstage has been using VM2, and Oxeye researchers discovered that CVE-2022-36067 can be exploited for unauthenticated remote code execution in Backstage by abusing its software templates. An attacker who can successfully exploit the vulnerability could carry out various actions within the compromised organization's network.

"Backstage can hold integration details to many organization systems, such as Prometheus, Jira, ElasticSearch, and others. Thus, successful exploitation has critical implications for any affected organization and can compromise those services and the data they hold," Oxeye said in a technical blog post describing the vulnerability.

Oxeye reported its findings to Backstage developers through Spotify's bug bounty program in mid-August, and the flaw was fixed roughly 10 days later with the release of version 1.5.1, which includes a patched version of VM2.

"If you're using a template engine in your application, make sure you choose the right one with regard to security. Robust template engines are extremely useful but might pose a risk to your organization," the security firm recommended.
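As an added example (not code from the article, Oxeye or the Backstage project), a small defender-side Python check that tells a patch-management team whether a Backstage app checkout still predates the 1.5.1 release that shipped the patched VM2, and where the VM2 sandbox is installed. It assumes the pinned Backstage release is recorded in a backstage.json "version" field and that installed packages appear in an npm-style lockfile "packages" map; all inputs are constructed.

```python
"""Flag a Backstage app checkout that predates the 1.5.1 fix for CVE-2022-36067.

Assumed (not from the article): backstage.json holds {"version": "1.x.y"} and the
lockfile has an npm-style "packages" map keyed by node_modules path.
"""
import json
import re

# Backstage release that shipped the patched VM2, per the article.
FIXED_RELEASE = (1, 5, 1)


def parse_release(version: str) -> tuple:
    """Turn '1.5.1' (or a pre-release like '1.5.1-next.0') into a comparable tuple.

    Comparing tuples avoids the classic string-compare bug where '1.10.0' < '1.5.1'.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {version!r}")
    return tuple(int(x) for x in m.groups())


def release_is_vulnerable(backstage_json: str) -> bool:
    """True when the pinned Backstage release is older than 1.5.1."""
    release = json.loads(backstage_json)["version"]
    return parse_release(release) < FIXED_RELEASE


def vm2_paths(lockfile_json: str) -> list:
    """Return every lockfile path under which vm2 is installed (direct or nested)."""
    packages = json.loads(lockfile_json).get("packages", {})
    return sorted(p for p in packages if p.endswith("node_modules/vm2"))


def assess(backstage_json: str, lockfile_json: str) -> dict:
    """Combine both signals into one report: upgrade needed, and where the sandbox lives."""
    return {
        "upgrade_needed": release_is_vulnerable(backstage_json),
        "vm2_locations": vm2_paths(lockfile_json),
    }


# Constructed sample: an app still pinned to 1.4.0 whose scaffolder (template) plugin pulls in vm2.
SAMPLE_BACKSTAGE_JSON = '{"version": "1.4.0"}'
SAMPLE_LOCKFILE = json.dumps({"packages": {
    "node_modules/@backstage/plugin-scaffolder-backend": {"version": "0.0.0-constructed"},
    "node_modules/@backstage/plugin-scaffolder-backend/node_modules/vm2": {"version": "0.0.0-constructed"},
}})

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_BACKSTAGE_JSON, SAMPLE_LOCKFILE), indent=2))
```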