May brought a fresh batch of security headaches. This month, we’re focusing on serious vulnerabilities in widely used software from Apache, Check Point, GitLab, QNAP, and GitHub. These flaws could allow attackers to run code on your servers, read credentials off your network edge, or take over developer accounts. Let’s break down the top 5 CVEs you need to address right away to stay secure.
1. CVE-2024-27348: Unauthenticated Users Can Execute OS Commands in Apache HugeGraph-Server
CVE-2024-27348 is a critical vulnerability in Apache HugeGraph-Server that allows unauthenticated remote code execution (RCE): an attacker who can reach the server’s REST API can run arbitrary operating system commands on the host if it is running a vulnerable version.
Here’s a breakdown of the CVE:
- Affected Software: Apache HugeGraph-Server 1.0.0 up to, but not including, 1.3.0
- Vulnerability: Unauthenticated RCE through the Gremlin API, which executes attacker-supplied Groovy scripts
- Impact: Full control of the host running HugeGraph-Server
The Gremlin endpoint accepts Groovy scripts and runs them inside the server’s JVM. A sandbox was supposed to keep those scripts away from dangerous classes such as the JVM’s process-execution APIs, but it could be bypassed, so a script could run arbitrary operating system commands. Because HugeGraph ships with its authentication system disabled by default, no credentials were needed to reach the endpoint.
Mitigation:
Upgrade to Apache HugeGraph-Server 1.3.0 or later. The Apache advisory also recommends running it on Java 11 and enabling the built-in authentication system (auth.authenticator in rest-server.properties), which is off by default, so that the Gremlin endpoint is no longer reachable anonymously.
Here are some additional things to keep in mind:
- Do not expose the HugeGraph REST API (port 8080 by default) directly to untrusted networks; restrict it to the clients that actually need it.
- Review access logs for unexpected requests to the Gremlin endpoint from before the upgrade; a script-execution RCE leaves little else behind on the host.
- Treat any instance that was reachable without authentication while unpatched as potentially compromised until you have checked it.
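Two checks a practitioner will want before and after patching are whether authentication is actually enabled and whether anything suspicious has been sent to the Gremlin endpoint. The script below is an added example (mine, not the HugeGraph project’s code) that reads a rest-server.properties file for the auth.authenticator setting and inspects Gremlin request bodies for Groovy constructs that a graph traversal never needs but command execution does. The properties content and request bodies are constructed for illustration, and the JSON field names follow HugeGraph’s Gremlin API as I know it (gremlin, bindings, language); confirm them against your version.

```python
import json
import re
from typing import Dict, List

# Constructed sample of a HugeGraph rest-server.properties. The commented-out
# auth.authenticator line mirrors the shipped default, where authentication is off.
SAMPLE_PROPERTIES = """\
restserver.url=http://0.0.0.0:8080
gremlinserver.url=http://127.0.0.1:8182
# auth.authenticator=org.apache.hugegraph.auth.StandardAuthenticator
graphs=./conf/graphs
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: ignores blank lines and '#'/'!' comments."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def auth_enabled(props: Dict[str, str]) -> bool:
    """HugeGraph only authenticates REST calls when auth.authenticator names a class."""
    return bool(props.get("auth.authenticator", "").strip())


# Constructs that a legitimate graph traversal never needs but that sandbox
# escapes and command execution in Groovy rely on.
SUSPICIOUS = re.compile(
    r"java\.lang\.Runtime|getRuntime\s*\(|ProcessBuilder|Thread\.currentThread"
    r"|\.exec\s*\(|Class\.forName|getDeclaredMethod|System\.(?:getenv|getProperty|exit)"
    r"|new\s+File\s*\(|\.evaluate\s*\("
)


def flag_gremlin_script(script: str) -> List[str]:
    """Return the distinct suspicious constructs found in a Groovy/Gremlin script."""
    return sorted({m.group(0) for m in SUSPICIOUS.finditer(script)})


def inspect_gremlin_request(body: str) -> dict:
    """Inspect the JSON body of a POST to the Gremlin endpoint.

    Field names follow HugeGraph's Gremlin API ({"gremlin": ..., "bindings": ...,
    "language": ...}); verify them against your version. A body that is not valid
    JSON is reported as suspicious because real clients always send JSON.
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return {"parsed": False, "hits": [], "suspicious": True}
    script = str(doc.get("gremlin", ""))
    # Bindings are substituted into the script, so string bindings are inspected too.
    for value in (doc.get("bindings") or {}).values():
        if isinstance(value, str):
            script += "\n" + value
    hits = flag_gremlin_script(script)
    return {"parsed": True, "hits": hits, "suspicious": bool(hits)}


# Constructed request bodies: a normal traversal and an attempt to run a command.
SAMPLE_BENIGN_BODY = json.dumps({
    "gremlin": "g.V().has('name', name).out('knows').values('name')",
    "bindings": {"name": "marko"},
    "language": "gremlin-groovy",
})
SAMPLE_ATTACK_BODY = json.dumps({
    "gremlin": "java.lang.Runtime.getRuntime().exec('id')",
    "language": "gremlin-groovy",
})


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print("auth enabled:", auth_enabled(props))
    for label, body in (("benign", SAMPLE_BENIGN_BODY), ("attack", SAMPLE_ATTACK_BODY)):
        print(label, inspect_gremlin_request(body))
```

The token list is a heuristic, not a sandbox: it is meant for alerting on captured traffic or a WAF in front of the REST API, not as a substitute for the upgrade and for enabling authentication.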
2. CVE-2024-24919: Check Point Security Gateway Information Disclosure Vulnerability
CVE-2024-24919 is a high-severity information disclosure vulnerability in Check Point Security Gateway appliances. Check Point published it in late May 2024, and exploitation in the wild has been traced back to at least April 2024. Here’s a breakdown of the vulnerability:
- Affected devices: Check Point Security Gateways with the “IPSec VPN” or “Mobile Access” software blade enabled, that is, gateways offering remote access VPN.
- Impact: An unauthenticated attacker can read arbitrary files from the gateway. Publicly documented exploitation used path traversal to read files such as the local password database, whose hashes can be cracked offline and reused to log in over VPN or to pivot into the internal network.
- Severity: High, because it is reachable without authentication on an internet-facing device and yields credential material.
The good news is that Check Point has released a security fix to address this vulnerability. Here’s what you should do:
- Install the hotfix: Check Point released a hotfix for supported gateway versions (see sk182336). Apply it as soon as possible; until then, disabling the affected remote access blades is the only way to close the exposure.
- Rotate and harden credentials: because the flaw leaks local account password hashes, assume they are compromised. Reset the passwords of local accounts and of any LDAP/Active Directory bind account the gateway uses, and follow Check Point’s recommendation to move local accounts off password-only authentication to certificate-based or multi-factor authentication.
For more information on the vulnerability, you can refer to the following resources:
Check Point’s security advisory: https://support.checkpoint.com/results/sk/sk182336
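The mechanism behind this disclosure is a traversal out of the web application’s directory, and encoded or double-encoded “..” sequences are how such probes get past naive string matching. The script below is an added example (mine, not Check Point’s code and not from the original post) of how a WAF rule or log-review job should normalise a request before judging it: percent-decode until the string stops changing, fold backslashes to slashes, then resolve “..” segments and report whether the path escapes the web root or lands on a sensitive file. The sample requests, endpoint paths, and sensitive-file list are constructed for illustration and are not Check Point’s real endpoints or log format.

```python
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed list of files whose disclosure from a network appliance is a
# strong sign of compromise; extend it with the paths that matter on your platform.
SENSITIVE_PREFIXES = ("/etc/shadow", "/etc/passwd", "/root/.ssh/", "/home/")


def normalize(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (catches %252e double encoding), then fold
    backslashes to forward slashes so '..\\' is treated like '../'."""
    cur = path
    for _ in range(max_rounds):
        decoded = unquote(cur)
        if decoded == cur:
            break
        cur = decoded
    return cur.replace("\\", "/")


def resolve_against_root(path: str) -> Tuple[str, bool]:
    """Resolve a path the way a naive file API would, with the web root at '/'.

    Returns (resolved_path, escaped); escaped is True when a '..' segment tried
    to climb above the root, which no legitimate request to the web app does.
    """
    stack: List[str] = []
    escaped = False
    for segment in normalize(path).split("/"):
        if segment == "..":
            if stack:
                stack.pop()
            else:
                escaped = True
        elif segment and segment != ".":
            stack.append(segment)
    return "/" + "/".join(stack), escaped


def analyze_request(req: Dict[str, str]) -> dict:
    """Check the URL path and every body parameter value for traversal."""
    findings = []
    for field in ("path", "body"):
        value = req.get(field) or ""
        if field == "path":
            candidates = [value]
        else:
            # Form bodies are split on '&'; each parameter value is judged on its own.
            candidates = [t.split("=", 1)[-1] for t in value.split("&") if t]
        for candidate in candidates:
            target, escaped = resolve_against_root(candidate)
            sensitive = target.startswith(SENSITIVE_PREFIXES)
            if escaped or sensitive:
                findings.append({"field": field, "target": target,
                                 "escaped": escaped, "sensitive": sensitive})
    return {"src": req.get("src", ""), "suspicious": bool(findings), "findings": findings}


def scan(requests: List[Dict[str, str]]) -> List[str]:
    """Return the source addresses of every request that looks like a traversal probe."""
    return [r["src"] for r in (analyze_request(q) for q in requests) if r["suspicious"]]


# Constructed requests (not real gateway traffic): a normal login, a POST whose
# parameter reaches /etc/shadow, a double-encoded path, and a backslash variant.
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "method": "GET", "path": "/portal/login", "body": ""},
    {"src": "203.0.113.7", "method": "POST", "path": "/portal/upload",
     "body": "file=docs/../../../../etc/shadow&mode=read"},
    {"src": "203.0.113.9", "method": "GET",
     "path": "/portal/%252e%252e/%252e%252e/etc/passwd", "body": ""},
    {"src": "198.51.100.3", "method": "GET",
     "path": "/static/..%5c..%5cwindows/win.ini", "body": ""},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(analyze_request(req))
    print("flag for review:", scan(SAMPLE_REQUESTS))
```

Note that the real exploitation of this bug placed the traversal in a POST body rather than the URL, which is why the check covers both fields; a rule that only looks at request paths in an access log would miss it.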
3. CVE-2024-4835: GitLab Patches High-Severity XSS in the Web IDE
GitLab addressed CVE-2024-4835 through patch releases for GitLab Community Edition (CE) and Enterprise Edition (EE). The flaw is a cross-site scripting (XSS) bug in the VS Code-based editor used by the Web IDE: a victim who opened an attacker-crafted page could have had script executed in their GitLab session.
Here’s a breakdown of the vulnerability:
- Type: Cross-site scripting (XSS)
- Severity: High (CVSS score: 8.0)
- Impact: An attacker could take over a victim’s account with a single click on a crafted page, then act as that user: read private repositories, change settings, or push code.
Resolution:
GitLab released patches for this vulnerability in May 2024. It is fixed in the following versions:
- GitLab 17.0.1
- GitLab 16.11.3
- GitLab 16.10.6
Recommendation:
Update your self-managed GitLab installation to one of the patched versions above, or any later release on the same branch, as soon as possible to mitigate this vulnerability and protect your data. GitLab.com was already running the patched version when the advisory was published.
4. CVE-2024-27130: RCE Vulnerability in QNAP NAS Devices
CVE-2024-27130 is a serious vulnerability in QNAP’s Network Attached Storage (NAS) devices running the QTS operating system: a stack buffer overflow in the share.cgi component that allows Remote Code Execution (RCE). If exploited, an attacker can take complete control of the NAS device.
Here’s a breakdown of the issue:
- Type: Remote Code Execution (RCE)
- Affected Products: QNAP NAS devices running QTS or QuTS hero builds earlier than the May 2024 fix
- Impact: An attacker could exploit this vulnerability to gain unauthorized access to your NAS device, steal sensitive data, install malware, or disrupt operations.
Here’s what makes this vulnerability critical:
- Unauthenticated Attack: An attacker doesn’t need login credentials, but does need a valid share-link identifier (the ssid parameter from a file-sharing link), so devices whose users have shared files externally are the most exposed.
- Potential for Data Theft: QNAP NAS devices often store sensitive data like backups and personal files.
- Public Exploit Code: Proof-of-concept (PoC) exploit code was published with the vulnerability write-up, making it easier for attackers to leverage the vulnerability.
What to Do:
Fortunately, QNAP released a fix in May 2024: QTS 5.1.7.2770 build 20240520 (and the corresponding QuTS hero h5.1.7.2770 build 20240520). Update your QNAP NAS to that build or later as soon as possible. Until you do, keep the device off the public internet and expire or revoke existing share links, since a valid share identifier is what the exploit needs.
Here are some additional resources:
- The Register coverage of QNAP QTS vulnerabilities: https://www.theregister.com/2024/02/13/qnap_latest_vulnerabilities/
- Bleeping Computer article: https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-command-injection-flaws-in-qts-os-apps/
5. Critical Authentication Bypass in GitHub Enterprise Server: CVE-2024-4985
CVE-2024-4985 is a critical vulnerability disclosed in May 2024 that affects GitHub Enterprise Server (GHES). It allowed attackers to bypass authentication entirely and gain unauthorized access to code repositories and other private data on the instance.
Here’s a breakdown of the issue:
- Affected Product: GitHub Enterprise Server (GHES)
- Impact: This vulnerability could grant attackers unauthorized access to a GHES instance, including potentially gaining administrative privileges. This could lead to a compromise of sensitive source code, breaches of private data, and disruption of development workflows.
- Cause: A flaw in how GHES validated encrypted Security Assertion Markup Language (SAML) assertions, part of its Single Sign-On (SSO) support, let an attacker forge a SAML response that GHES accepted, provisioning or logging in as a user with site administrator privileges.
- Severity: CVE-2024-4985 received a perfect 10.0 score on the CVSS (Common Vulnerability Scoring System) scale, indicating its critical severity.
It’s important to note that this vulnerability only affected GHES instances configured with both of the following:
- SAML SSO authentication
- The optional encrypted assertions feature, which is not enabled by default
GitHub addressed the issue by releasing patches on every supported release branch.
Recommendation:
If your instance runs a version before 3.13.0, update to the patched release for your branch: 3.9.15, 3.10.12, 3.11.10, or 3.12.4 (or later on the same branch). Instances without SAML SSO, or with SAML SSO but without encrypted assertions, are not exposed to this bug, but should still take the update. If encrypted assertions were enabled while unpatched, review the site administrator list and SAML-provisioned accounts for anything you did not create.
For further information, you can refer to the official GitHub security advisory: https://github.com/advisories/GHSA-5pw9-f9r4-mv2r
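Three of this month’s advisories (GitLab, GHES, and HugeGraph-Server) publish fixes on several release branches at once, and the usual mistake is to compare the installed version against the newest fix only, which wrongly clears a 3.12.3 instance against 3.9.15 or wrongly flags 17.1.0 against 17.0.1. The script below is an added example (mine, not from any of the vendors or from the original post) of a branch-aware check that handles both cases, with an inventory constructed for illustration. The fixed versions come from the sections above; GitLab’s lower bound (15.11) comes from GitLab’s own advisory and should be confirmed against the release post.

```python
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'3.12.4' -> (3, 12, 4). Tolerates a leading 'v' and suffixes such as '-ee'."""
    core = text.strip().lstrip("v").split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def is_affected(installed: str, fixed: Iterable[str], first_affected: Optional[str] = None) -> bool:
    """Branch-aware check: a release branch is the first two components (16.11.x).

    - Below first_affected (when given): not affected.
    - On a branch that received a fix: affected iff older than that fix.
    - On a branch with no fix: affected if it is older than the newest fixed branch
      (an out-of-support branch the vendor did not patch), clean if it is newer
      than every fix, since the fix is carried forward into later branches.
    """
    v = parse_version(installed)
    if first_affected is not None and v < parse_version(first_affected):
        return False
    fixes = sorted(parse_version(f) for f in fixed)
    branch = v[:2]
    for fix in fixes:
        if fix[:2] == branch:
            return v < fix
    return branch < fixes[-1][:2]


# Version data as given in the advisories summarised above. GitLab's lower bound
# (15.11) is taken from GitLab's advisory; confirm it against the release post.
ADVISORIES: Dict[str, dict] = {
    "CVE-2024-4835 (GitLab CE/EE)": {
        "fixed": ["16.10.6", "16.11.3", "17.0.1"], "first_affected": "15.11.0"},
    "CVE-2024-4985 (GitHub Enterprise Server)": {
        "fixed": ["3.9.15", "3.10.12", "3.11.10", "3.12.4"], "first_affected": None},
    "CVE-2024-27348 (Apache HugeGraph-Server)": {
        "fixed": ["1.3.0"], "first_affected": "1.0.0"},
}


def audit(inventory: Dict[str, Tuple[str, str]]) -> List[Tuple[str, str]]:
    """inventory maps host -> (advisory key, installed version).

    Returns (host, advisory) pairs that still need the patch. Version is necessary
    but not sufficient: for CVE-2024-4985 the instance must also use SAML SSO with
    encrypted assertions, which is a configuration question this check cannot answer.
    """
    return [
        (host, cve)
        for host, (cve, version) in inventory.items()
        if is_affected(version, ADVISORIES[cve]["fixed"], ADVISORIES[cve]["first_affected"])
    ]


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "gitlab-prod": ("CVE-2024-4835 (GitLab CE/EE)", "16.11.2-ee"),
    "gitlab-staging": ("CVE-2024-4835 (GitLab CE/EE)", "17.0.1-ee"),
    "ghes-main": ("CVE-2024-4985 (GitHub Enterprise Server)", "3.12.3"),
    "ghes-new": ("CVE-2024-4985 (GitHub Enterprise Server)", "3.13.0"),
    "graph-db": ("CVE-2024-27348 (Apache HugeGraph-Server)", "1.2.0"),
}

if __name__ == "__main__":
    for host, cve in audit(SAMPLE_INVENTORY):
        print(f"{host}: patch required for {cve}")
```

The "no fix on this branch" rule deliberately treats an unpatched older branch (for example GitLab 16.9.x) as affected: the vendor did not ship a fix there because the branch is out of support, which is a reason to upgrade, not a reason to assume safety.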
Final Thoughts
That’s it for our top CVEs of May! By patching these vulnerabilities promptly, you can significantly reduce your attack surface and keep those pesky hackers at bay. Remember, staying informed and applying security updates is an ongoing process. Stay tuned for more in-depth analysis and the latest security threats in the coming months! For real-time updates, follow Strobes on social media!
The Strobes Vulnerability Intel portal provides a comprehensive archive of the latest vulnerabilities, exploits, and CVEs targeting a given platform or application.