“ParseThru” vulnerability allows unauthorized access to cloud-native applications
2022-08-02 12:02

A new vulnerability found in GoLang-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native applications, Oxeye researchers have found.

The source of "ParseThru" - as the newly discovered vulnerability has been dubbed - is the use of unsafe URL parsing methods built into the language.

GoLang is a popular cloud-native programming language.

It is behind a large number of applications written for the cloud, including Kubernetes environments.

As a result, when a GoLang-based public API built upon GoLang version greater than 1.17 communicates with an internal service running GoLang prior to v1.17.

For these and other open source projects, the Oxeye research team used this vulnerability to bypass critical application logic and perform various unauthorized actions in the application.


News URL

https://www.helpnetsecurity.com/2022/08/02/parsethru-vulnerability/