EUVD-2019-0319

Malware in sbrugna...

sauce-connect downloads Resources over HTTP

Affected versions of sauce-connect insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

GHSA-MQ76-M7GV-XHFM sauce-connect downloads Resources over HTTP

Affected versions of sauce-connect insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Man In The Middle (MitM)

sauce-connect is vulnerable to man-in-the-middle MitM attack. It is possible because it does not prevent downloading of binary resources via HTTP. Moreover, attacker can trigger remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on...

CVE-2016-10599

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping o...

CVE-2016-10599

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping o...

Remote code execution

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping o...

CVE-2016-10599

The CVE-2016-10599 issue affects sauce-connect (Node.js wrapper around SauceConnect.jar). It arises because sauce-connect downloads binaries over HTTP, enabling MITM tampering where an attacker between the user and the server can replace the binary, potentially causing remote code execution on th...

Downloads Resources over HTTP

Overview Affected versions of sauce-connect insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...