Blog | G5 Cyber Security

Severe RCE vulnerability affected popular StackStorm Automation Software

Security researcher Barak Tawily has discovered a severe vulnerability in StackStorm. The flaw could be exploited by a remote attacker to trick developers into executing arbitrary commands on targeted services. The vulnerability tied the way the StackStorm REST API improperly handled CORS (cross-origin resource sharing) headers, allowing web browsers to perform cross-domain requests on behalf of authenticated users/developers. StackStorm has been used to automate workflows in many industries, it allows developers to configure actions, workflows, and scheduled tasks.”]

Source: https://securityaffairs.co/wordpress/82259/security/stackstorm-rce-flaw.html

Exit mobile version