Security News > 2021 > June > Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
An unpatched stored cross-site-scripting security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found.
To boot, the PlingStore application is affected by an unpatched remote code-execution vulnerability, which researchers said can be triggered from any website while the app is running - allowing for drive-by attacks.
After adding an XSS payload in the HTML code section, he found that the XSS could triggered when visiting a malicious listing in the affected marketplace.
Attackers could exploit the bug to modify active listings, or post new listings on Pling-based stores in the context of other users, resulting in a wormable XSS, the researcher warned.
"Besides the typical XSS implications, this would allow for a supply-chain attack XSS worm using a JavaScript payload that performs the following two steps: Upload a new version of their software; [and] change the metadata of the victim's listings to itself include this malicious payload," he said.
Essentially, any of the downloadable assets might be compromised, so users should be warned that any listing on any of the affected marketplaces could hijack a user's account on the platform via XSS, Bräunlein said.
News URL
https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/
Related news
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)