In this week's Security Advisory
- Atlassian Releases Security Updates for Several Products
- Critical Vulnerability in WordPress 'miniOrange Plugins' can Lead to Privilege Escalation
- Fortra's Critical Remote Code Execution Vulnerability in FileCatalyst Transfer Tool Receives Updated CVE
- Security Patch Released in Google Chrome Desktop Browser and Mozilla Products
Atlassian Releases Security Updates for Several Products
Atlassian released security updates to fix twenty-five (25) vulnerabilities affecting its Confluence, Jira, Bitbucket, and Bamboo server products. The highest-severity issue is a critical flaw identified as CVE-2024-1597, rated with a CVSS score of 10 out of a possible 10. Exploiting this vulnerability could enable unauthorized access to internal environments, circumvent security measures, and allow malicious code to be executed. Please note that Atlassian Cloud sites are not affected at this time.
Because Atlassian products are a favored target for attackers, organizations should apply the patches as soon as possible.
More Reading/Information
- https://www.securityweek.com/atlassian-patches-critical-vulnerability-in-bamboo-data-center-and-server/
- https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html
Critical Vulnerability in WordPress 'miniOrange Plugins' can Lead to Privilege Escalation
WordPress has identified a critical vulnerability, tracked as CVE-2024-2172 with a CVSS score of 9.8 out of 10, affecting the miniOrange malware scanner and web application firewall plugins. The miniOrange malware scanner plugin is an open-source application designed to detect malware infections and potentially harmful scripts on websites. The miniOrange Web Application Firewall plugin monitors and blocks suspicious incoming traffic. CVE-2024-2172 affects both plugins and allows an attacker to gain administrator privileges. With elevated credentials, a threat actor can access anything on the website, including modifying pages or uploading additional malicious payloads.
Versions Affected:
- All versions are vulnerable.
More Reading/Information
- https://wordpress.org/plugins/web-application-firewall/
- https://wordpress.org/plugins/miniorange-malware-protection/#description
- https://www.wordfence.com/blog/2024/03/critical-vulnerability-remains-unpatched-in-two-permanently-closed-miniorange-wordpress-plugins-1250-bounty-awarded/
- https://gbhackers.com/discontinued-wordpress-plugin-flaw/
Fortra's Critical Remote Code Execution Vulnerability in FileCatalyst Transfer Tool Receives Updated CVE
New threat intelligence indicates that a proof-of-concept (PoC) exploit has been published publicly for the critical FileCatalyst Transfer Tool vulnerability. Although the vulnerability was discovered and patched in August 2023, a CVE has only now been registered for it; the flaw is tracked as CVE-2024-25153 with a CVSS score of 9.8 out of a possible 10. With the PoC public, exploit attempts against any unpatched FileCatalyst Transfer Tool installation should be expected.
Affected Versions:
- Versions prior to 5.1.6 - Build 114
More Reading/Information
- https://www.fortra.com/security/advisory/fi-2024-002
- https://www.securityweek.com/poc-published-for-critical-fortra-code-execution-vulnerability/
- https://www.scmagazine.com/news/fortra-filecatalyst-rce-bug-disclosed-full-poc-exploit-available
- https://www.helpnetsecurity.com/2024/03/19/cve-2024-25153-poc-exploit/
- https://www.darkreading.com/vulnerabilities-threats/fortra-releases-update-on-critical-severity-rce-flaw
Security Patch Released in Google Chrome Desktop Browser and Mozilla Products
Google and Mozilla released security updates to address several vulnerabilities in the Chrome Desktop Browser and in several Mozilla products, respectively.
Google released a security update to fix twelve (12) vulnerabilities in its Chrome Desktop Browser for Windows, Mac, and Linux with one (1) receiving a severity rating of "high".
Mozilla released security updates to address vulnerabilities in several of its products that could lead to arbitrary code execution. There was a total of thirty-two (32) vulnerabilities affecting Firefox, Firefox ESR, and Thunderbird, with one (1) receiving a severity rating of "critical." These affect Firefox versions prior to 124, Firefox ESR versions prior to 115.9, and Thunderbird versions prior to 115.9.
More Reading/Information
- https://www.mozilla.org/en-US/security/advisories/
- https://www.howtogeek.com/firefox-124-release/
- https://www.ghacks.net/2024/03/19/firefox-124-0-launches-with-new-features-and-security-fixes/
- https://chromereleases.googleblog.com/
- https://www.securityweek.com/chrome-123-firefox-124-patch-serious-vulnerabilities/
- https://cybersecuritynews.com/chrome-123-patch/
- https://www.ghacks.net/2024/03/20/google-chrome-123-launches-with-security-fixes-and-google-update-changes-on-windows/
Recommendations
Please review your environment to ensure the issues mentioned above are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefit of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently deployed in your environment, which informs and supports your patch and vulnerability management program.
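As an added example (not part of this advisory), the Python script below shows how a software inventory can be checked against the affected-version thresholds stated above: FileCatalyst Transfer Tool prior to 5.1.6 Build 114, Firefox prior to 124, Firefox ESR and Thunderbird prior to 115.9, and the two miniOrange plugins, for which every version is vulnerable. The product labels and the inventory entries are constructed for illustration; only the version thresholds come from the advisory. Atlassian and Chrome are omitted because the advisory text does not state their fixed versions.

```python
"""Check a software inventory against the affected-version thresholds in this advisory.

Product labels and the sample inventory below are constructed for illustration;
the version thresholds are those stated in the advisory text.
"""
import re
from typing import Dict, List, Optional, Tuple

# Lowest fixed version per product, as stated in the advisory.  None means the
# advisory says every version is vulnerable and no patched release exists.
FIXED_VERSIONS: Dict[str, Optional[str]] = {
    "FileCatalyst Transfer Tool": "5.1.6 Build 114",   # CVE-2024-25153
    "Firefox": "124",
    "Firefox ESR": "115.9",
    "Thunderbird": "115.9",
    "miniOrange Malware Scanner": None,                # CVE-2024-2172, all versions
    "miniOrange Web Application Firewall": None,       # CVE-2024-2172, all versions
}

# Constructed sample inventory: (hostname, product label, installed version).
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("ftp-01", "FileCatalyst Transfer Tool", "5.1.5 Build 98"),
    ("ftp-02", "FileCatalyst Transfer Tool", "5.1.6 Build 114"),
    ("ws-101", "Firefox", "123.0.1"),
    ("ws-102", "Firefox ESR", "115.9.0"),
    ("mail-01", "Thunderbird", "115.8.1"),
    ("web-01", "miniOrange Malware Scanner", "4.7.2"),
    ("ws-103", "SomeOtherApp", "4.36.140"),  # not covered by this advisory
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Reduce a version string to a tuple of integers for comparison.

    '5.1.6 Build 114' -> (5, 1, 6, 114); '115.9' -> (115, 9).  Python compares
    tuples element by element and treats a shorter tuple as smaller when it is
    a prefix of the longer one, so a bare '5.1.6' (build unknown) sorts below
    '5.1.6 Build 114' and is reported: when the build number is missing the
    check errs on the side of flagging the host.
    """
    return tuple(int(part) for part in re.findall(r"\d+", text))


def find_exposed(inventory, fixed: Dict[str, Optional[str]] = FIXED_VERSIONS):
    """Return (host, product, installed, action) for every entry still exposed."""
    findings = []
    for host, product, installed in inventory:
        if product not in fixed:
            continue  # product not named in this advisory
        threshold = fixed[product]
        if threshold is None:
            findings.append((host, product, installed,
                             "no patched version exists; remove or replace the plugin"))
        elif parse_version(installed) < parse_version(threshold):
            findings.append((host, product, installed,
                             f"update to {threshold} or later"))
    return findings


def main() -> None:
    """Print a simple remediation report for the constructed inventory."""
    findings = find_exposed(SAMPLE_INVENTORY)
    if not findings:
        print("No exposed installations found.")
        return
    for host, product, installed, action in findings:
        print(f"{host}: {product} {installed} -> {action}")


if __name__ == "__main__":
    main()
```

Replace `SAMPLE_INVENTORY` with the output of your own asset inventory (the tuple shape is all `find_exposed` needs); the threshold dictionary is the part to update each time a new advisory arrives.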