59 matches found

Prion
added 2021/03/18 3:15 a.m. | 12 views

Design/Logic Flaw

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...

7.1 CVSS | 7.5 AI score | 0.00668 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/03/18 2:16 a.m. | 66 views

CVE-2021-28667

StackStorm before 3.4.1 is affected by an infinite-loop vulnerability that can consume all available memory and disk space when logging Unicode data if Python 3.x is used and the locale is not UTF-8. Root cause is an unbounded loop triggered during logging of Unicode data from actions or rules. I...

7.5 CVSS | 7.4 AI score | 0.00668 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/03/18 2:16 a.m. | 13 views

CVE-2021-28667

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...

7.7 AI score | 0.00668 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/03/17 12:0 a.m. | 3 views

StackStorm Security Vulnerability

StackStorm is an event-driven automation platform. The platform is mainly used for automated repair, security response, troubleshooting and program deployment functions. A security vulnerability exists in StackStorm before 3.4.1, which stems from the fact that StackStorm has an infinite loop that...

7.5 CVSS | 7.3 AI score | 0.00668 EPSS
Exploits: 0 | References: 2

Check Point Advisories
added 2019/03/17 12:0 a.m. | 6 views

StackStorm Web UI Remote Code Execution (CVE-2019-9580)

A remote code execution vulnerability exists in StackStorm Web UI. Successful exploitation could lead to arbitrary code execution...

4.3 CVSS | 3.8 AI score | 0.1037 EPSS
Exploits: 0

Trend Micro Simply Security
added 2019/03/15 12:13 p.m. | 111 views

This Week in Security News: Security Vulnerabilities

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn what critical approaches can protect your enterprise business from software vulnerabilities. Also, learn about vulnerabilities in IoT...

4.3 CVSS | 0.9 AI score | 0.1037 EPSS
Exploits: 0

The Hacker News
added 2019/03/11 9:32 a.m. | 103 views

Severe Flaw Disclosed In StackStorm DevOps Automation Software

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly executing arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful...

6.1 CVSS | 1.3 AI score | 0.1037 EPSS
Exploits: 0

The Hacker News
added 2019/03/11 9:32 a.m. | 2 views

Severe Flaw Disclosed In StackStorm DevOps Automation Software

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly executing arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful...

6.1 CVSS | 6.9 AI score | 0.1037 EPSS
Exploits: 0

CNVD
added 2019/03/11 12:0 a.m. | 3 views

StackStorm Cross-Site Scripting Vulnerability

StackStorm is an event-driven automation platform. The platform is used for automated remediation, security response, troubleshooting, and program deployment functions. Web UI is one of the web-based user graphical interfaces. A security vulnerability exists in st2web in StackStorm Web UI versions...

6.1 CVSS | 6.8 AI score | 0.1037 EPSS
Exploits: 0 | References: 1

OSV
added 2019/03/09 4:29 a.m. | 10 views

CVE-2019-9580

In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS...

6.1 CVSS | 6.8 AI score
Exploits: 0 | References: 3

NVD
added 2019/03/09 4:29 a.m. | 10 views

CVE-2019-9580

In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS...

6.1 CVSS | 6.2 AI score | 0.1037 EPSS
Exploits: 0 | References: 3

CVE
added 2019/03/09 4:0 a.m. | 44 views

CVE-2019-9580

CVE-2019-9580 affects StackStorm’s Web UI (st2web) prior to versions 2.9.3 and 2.10.x prior to 2.10.3. The root cause is improper handling of CORS headers, where an unknown/null origin could be accepted, potentially enabling XSS and related cross-domain actions via a crafted link. Exploitation de...

6.1 CVSS | 6.1 AI score | 0.1037 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2019/03/09 4:0 a.m. | 16 views

CVE-2019-9580

In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS...

6.2 AI score | 0.1037 EPSS
Exploits: 0 | References: 3

NVD
added 2018/12/21 7:29 p.m. | 12 views

CVE-2018-20345

Incorrect access control in StackStorm API st2api in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker who has a StackStorm account and is authenticated against the StackStorm API to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=" que...

5.3 CVSS | 5.2 AI score | 0.00356 EPSS
Exploits: 0 | References: 1

Prion
added 2018/12/21 7:29 p.m. | 9 views

Improper access control

Incorrect access control in StackStorm API st2api in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker who has a StackStorm account and is authenticated against the StackStorm API to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=" que...

3.5 CVSS | 5.2 AI score | 0.00356 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2018/12/21 7:29 p.m. | 12 views

CVE-2018-20345

Incorrect access control in StackStorm API st2api in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker who has a StackStorm account and is authenticated against the StackStorm API to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=" que...

5.3 CVSS | 6.7 AI score
Exploits: 0 | References: 1

CVE
added 2018/12/21 7:0 p.m. | 33 views

CVE-2018-20345

CVE-2018-20345 describes an incorrect access-control flaw in the StackStorm API (st2api). Before 2.9.2 and before 2.10.1 (in 2.10.x), an authenticated StackStorm user could query datastore items for other users via /v1/keys with parameters ?scope=all and ?user=. Enterprise editions wit...

5.3 CVSS | 5.1 AI score | 0.00356 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/12/21 7:0 p.m. | 9 views

CVE-2018-20345

Incorrect access control in StackStorm API st2api in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker who has a StackStorm account and is authenticated against the StackStorm API to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=" que...

5.2 AI score | 0.00356 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2016/10/21 12:0 a.m. | 6 views

StackStorm Detection

Binary data 9707.prm...

7.3 AI score
Exploits: 0 | References: 1