Spring Security - CVE-2023-34034

Spring WebFlux – CVE-2023-34034 – Write-Up and Proof-of-Concept

Spring Security’s newly released versions contain a fix for a broken access control vulnerability – CVE-2023-34034 – which was given a critical NVD severity (CVSS 9.8) and a high severity by Spring’s maintainers. Given the severe potential impact of the vulnerability on Spring WebFlux applications (that use Spring Security for authentication and access control), its …

Analyzing Impala Stealer – Payload of the first NuGet attack campaign

Analyzing Impala Stealer – Payload of the first NuGet attack campaign In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted .NET …

Open SSH Sandbox

Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis

The recent OpenSSH double-free vulnerability – CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms – Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest for those who were affected and those controlling servers that use OpenSSH. …

JAS Contextual Analysis WebGoat Application

Testing the actual security of the most insecure Docker application

Our previous research on CVE exploitability in the top DockerHub images discovered that 78% of the reported CVEs were actually not exploitable. This time, the JFrog Security Research team used JFrog Xray’s Contextual Analysis feature, automatically analyzing the applicability of reported CVEs, to scan OWASP WebGoat – a deliberately insecure application. The results identified that …

OpenSSH Pre-Auth Double Free CVE-2023-25136 Writeup and PoC

OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept

OpenSSH’s newly released version 9.2p1 contains a fix for a double-free vulnerability. Given the severe potential impact of the vulnerability on OpenSSH servers (DoS/RCE) and its high popularity in the industry, this security fix prompted the JFrog Security Research team to investigate the vulnerability. This blog post provides details on the vulnerability, who is affected, …

Detecting Malicious Packages and How They Obfuscate Their Malicious Code

Wow! We made it to the last post in our Malicious Packages series. While parting is such sweet sorrow, we hope blogs one, two, and three provide insights into the havoc malicious packages cause throughout your DevOps and DevSecOps pipelines.  In the prior posts: We explained what software supply chain attacks are and learned the …

Watch out for DoS when using Rust’s popular Hyper package

Watch out for DoS when using Rust’s popular Hyper package

The JFrog Security Research team is constantly looking for new and previously unknown vulnerabilities and security issues in popular open-source projects to help improve their security posture and defend the wider software supply chain. As part of this effort, we recently discovered and disclosed multiple vulnerabilities in popular Rust projects such as Axum, Salvo and …

Latest LastPass security breach highlights

Latest LastPass security breach highlights developers as a high-value target

Last August, the maintainers of the LastPass cloud-based password manager tool reported a security breach in their servers. The disclosure maintained that an unauthorized party gained access to the LastPass development environment through a single compromised developer account. However – while source code and technical information was stolen, no user data was compromised and no …