Security News > 2023 > April > CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three security flaws to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation.
"In a cluster deployment, MinIO returns all environment variables, including MINIO SECRET KEY and MINIO ROOT PASSWORD, resulting in information disclosure," MinIO maintainers said in an advisory published on March 21, 2023.
The threat intelligence company, in an alert published late last month, also noted how a reference implementation provided by OpenAI for developers to integrate their plugins to ChatGPT relied on an older version of MinIO that's vulnerable to CVE-2023-28432.
Also added to the KEV catalog is a critical remote code execution bug affecting PaperCut print management software that allows remote attackers to bypass authentication and run arbitrary code.
The vulnerability has been addressed by the vendor as of March 8, 2023, with the release of PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9.
Lastly added to the list of actively exploited flaws is a Google Chrome vulnerability affecting the Skia 2D graphics library that could enable a threat actor to perform a sandbox escape via a crafted HTML page.
News URL
https://thehackernews.com/2023/04/cisa-adds-3-actively-exploited-flaws-to.html
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-22 | CVE-2023-28432 | Unspecified vulnerability in Minio Minio is a Multi-Cloud Object Storage framework. | 7.5 |