3 matches found
Severe Flaw Disclosed In StackStorm DevOps Automation Software
A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful...
CVE-2019-9580
CVE-2019-9580 affects StackStorm’s Web UI (st2web) prior to versions 2.9.3 and 2.10.x prior to 2.10.3. The root cause is improper handling of CORS headers, where an unknown/null origin could be accepted, potentially enabling XSS and related cross-domain actions via a crafted link. Exploitation de...
CVE-2019-9580
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS...