Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

When 200 OK Is Not OK - Unveiling the Risks of Web Responses In API Calls

In the ever-evolving landscape of cybersecurity, where the battle between defenders and hackers continues to escalate, it is crucial to scrutinize every aspect of web interactions. While the HTTP status code 200 OK is generally associated with successful API calls, there’s a dark side to its seemingly harmless appearance that often goes unnoticed.

CVE-2024-21893: New Ivanti Zero-Day Vulnerability Actively Exploited

On January 31, 2024, Ivanti published an article disclosing two high severity vulnerabilities: CVE-2024-21893: A server-side request forgery flaw present in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons. This vulnerability allows an unauthenticated threat actor to access restricted resources. Ivanti reports that a limited number of customers have been affected by this vulnerability.

Detecting 'Leaky Vessels' Exploitation in Docker and Kubernetes

On January 31st 2024, Snyk announced the discovery of four vulnerabilities in Kubernetes and Docker. For Kubernetes, the vulnerabilities are specific to the runc CRI. Successful exploitation allows an attacker to escape the container and gain access to the host operating system. To exploit these vulnerabilities, an attacker will need to control the Dockerfile when the containers are built.

Nucleus Product Update 4.1

Welcome to the Nucleus Product Update 4.1. It’s a new year with new things to get excited about together. Here’s to making 2024 a great one! 🥳 This update outlines lots of Nucleus happenings you don’t want to miss, including: We’re also including a link to our latest webinars, which are value-packed sessions you don’t want to miss. Get the details for all updates below.

Why the future of AppSec is ASPM from Snyk AppRisk

Applications are getting bigger and more complex. With sprawling software supply chains, distributed developers, AI-enhanced productivity, and more technology, deployment, and cloud options than ever securing applications is harder than ever. To enable fast and secure development in this new reality, AppSec needs a comprehensive, proactive approach — one that helps address what matters most to reduce risk. They need to implement ASPM to shift the AppSec paradigm.

Buildkit GRPC SecurityMode privilege check: Build-time container breakout (CVE-2024-23653)

Snyk has discovered a vulnerability in all versions of Docker Buildkit <= v0.12.4, as used by the Docker engine. The exploitation of this issue can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e, when using FROM). This issue has been assigned CVE-2024-23653.

Buildkit build-time container teardown arbitrary delete (CVE-2024-23652)

Snyk has discovered a vulnerability in all versions of Docker Buildkit <=v0.12.4, as used by the Docker engine. Exploitation of this issue can result in arbitrary file and directory deletion in the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e, when using FROM). This issue has been assigned CVE-2024-23652.

Buildkit mount cache race: Build-time race condition container breakout (CVE-2024-23651)

Snyk has discovered a vulnerability in all versions of Docker Buildkit <=v0.12.4, as used by the Docker engine. The exploitation of this issue can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM). This issue has been assigned CVE-2024-23651.

Vulnerability: runc process.cwd and leaked fds container breakout (CVE-2024-21626)

Snyk has discovered a vulnerability in all versions of runc <=1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious image or building an image using a malicious Dockerfile or upstream image (i.e., when using FROM). This issue has been assigned the CVE-2024-21626.