A high-severity security flaw has been disclosed in OpenRefine, the open-source data cleanup and transformation tool, that could result in arbitrary code execution on affected systems.
Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip bug that is triggered when a specially crafted project file is imported, and it affects versions 3.7.3 and below.
"Although OpenRefine is designed to only run locally on a user's machine, an attacker can trick a user into importing a malicious project file," Sonar security researcher Stefan Schiller said in a report published last week. "Once this file is imported, the attacker can execute arbitrary code on the user's machine."
Software vulnerable to Zip Slip can pave the way for code execution through a directory traversal bug: an archive entry whose name contains "../" segments is written relative to the extraction directory, so the file lands in a part of the file system that should normally be out of reach.
The attack is built on two moving parts: a malicious archive, and extraction code that does not validate where each entry will be written, which allows existing files to be overwritten or new files to be unpacked to unintended locations. The usual fix is to canonicalise the destination path of every entry and refuse any that does not resolve to a location inside the extraction root.
The extracted files can then be invoked remotely by the adversary, or by the system (or user), resulting in command execution on the victim's machine.
The vulnerability identified in OpenRefine follows the same pattern: the "untar" method used to extract files from the project archive lets a bad actor write files outside the destination folder by creating an archive containing a file named "../../../../tmp/pwned".
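The following is an added example and is not OpenRefine's code (OpenRefine is written in Java; its actual untar method is not reproduced here). It builds a small tar archive in memory, constructed for this example, containing an entry named with the traversal string quoted above, then extracts it twice: once with a naive untar that simply joins the entry name onto the destination, and once with a hardened version that canonicalises each target and refuses anything outside the extraction root. The destination is nested four levels deep inside a throwaway sandbox so that the four "../" segments land in the sandbox's own tmp/pwned rather than the real /tmp. Function and class names are the example's own.

```python
import io
import os
import tarfile
import tempfile


class ZipSlipError(Exception):
    """Raised when an archive entry would land outside the extraction root."""


def build_malicious_tar() -> bytes:
    """Constructed sample archive (not from the advisory): one benign entry plus
    one whose name carries the traversal string quoted in the article."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("metadata.json", b"{}\n"),
                           ("../../../../tmp/pwned", b"owned\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def untar_vulnerable(archive: bytes, dest: str) -> list:
    """Extraction with no validation: the entry name is joined onto dest and
    written wherever that resolves, so '../' segments walk out of dest."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            # No containment check: this is the Zip Slip defect.
            target = os.path.normpath(os.path.join(dest, member.name))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(target)
    return written


def contained_target(root: str, name: str) -> str:
    """Canonicalise root and the candidate path, then require the candidate to
    sit strictly inside root. This is the check the vulnerable version lacks."""
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root or target == root:
        raise ZipSlipError(name)
    return target


def untar_hardened(archive: bytes, dest: str) -> list:
    """Same extraction loop, but every entry is validated first. Link entries
    are refused outright because a symlink is a second traversal vector."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if member.issym() or member.islnk():
                raise ZipSlipError("link entry refused: " + member.name)
            target = contained_target(dest, member.name)
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            if not member.isfile():
                continue  # devices, fifos and the like are never unpacked
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(target)
    return written


def run_demo() -> dict:
    """Run both extractors inside a throwaway sandbox. dest is nested four
    levels deep so the four '../' segments resolve to <sandbox>/tmp/pwned."""
    with tempfile.TemporaryDirectory() as sandbox:
        archive = build_malicious_tar()
        dest = os.path.join(sandbox, "a", "b", "c", "d")
        os.makedirs(dest)
        paths = untar_vulnerable(archive, dest)
        escaped = [os.path.relpath(p, sandbox) for p in paths
                   if not p.startswith(dest + os.sep)]
        try:
            untar_hardened(archive, os.path.join(sandbox, "safe"))
            rejected = None
        except ZipSlipError as exc:
            rejected = str(exc)
        return {
            "escaped": escaped,
            "pwned_written": os.path.exists(os.path.join(sandbox, "tmp", "pwned")),
            "rejected": rejected,
        }


if __name__ == "__main__":
    print(run_demo())
```

Running the script reports that the naive extractor wrote tmp/pwned outside its destination, while the hardened one aborted on the traversal entry. The containment check compares canonical paths rather than inspecting the entry name for "../", which is what makes it robust against encodings, absolute names and symlinked extraction roots that a string filter would miss.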
Following responsible disclosure on July 7, 2023, the vulnerability was patched in version 3.7.4, released on July 17, 2023.
"The vulnerability gives attackers a strong primitive: writing files with arbitrary content to an arbitrary location on the filesystem," Schiller said.
"For applications running with root privileges, there are dozens of possibilities to turn this into arbitrary code execution on the operating system: adding a new user to the passwd file, adding an SSH key, creating a cron job, and more."
The disclosure comes as proof-of-concept (PoC) exploit code has surfaced for a pair of now-patched flaws in Microsoft SharePoint Server, CVE-2023-29357 (CVSS score: 9.8) and CVE-2023-24955 (CVSS score: 7.2), that could be chained to achieve privilege escalation and remote code execution.
It also follows an alert from Cyfirma warning of a high-severity bug in Apache NiFi (CVE-2023-34468, CVSS score: 8.8) that allows remote code execution via malicious H2 database connection strings. It has been resolved in Apache NiFi 1.22.0.
"The impact of this vulnerability is severe, as it grants attackers the ability to gain unauthorized access to systems, exfiltrate sensitive data, and execute malicious code remotely," the cybersecurity firm said. "An attacker could exploit this flaw to compromise data integrity, disrupt operations, and potentially cause financial and reputational damage."
Some parts of this article are sourced from:
thehackernews.com