StackStorm, a popular runbook automation tool, contained a severe vulnerability. The flaw, designated CVE-2019-9580, allowed attackers to mislead developers into executing arbitrary code in StackStorm services. The company has since fixed the flaw by releasing a security patch.
Worth noting
How was this flaw discovered - Security researcher Barak Tawily discovered this vulnerability when he analyzed the remote servers managed by the StackStorm agent, which carry out automated actions.
“As we can see the 'Access-Control-Allow-Origin' header returning in each request to StackStorm REST API, even when request not includes the origin header, quite weird but anyway might make sense… Then I started to send a malformed Origin header and I realized that the server can't handle it properly, and returning the header 'Access-Control-Allow-Origin: null',” Tawily wrote in a blog post.
The researcher also mentions that this improper handling of malformed requests can allow attackers to manipulate actions and workflows, get information on internal IPs, and execute arbitrary commands on the machines controlled by the StackStorm agent.
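The header handling quoted above, shown beside a stricter policy, as an added Python example (not StackStorm's code and not taken from the researcher's post). The allowlist entry `https://st2.example.com` and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; not StackStorm's configuration.
ALLOWED_ORIGINS = frozenset({"https://st2.example.com"})


def cors_fallback_null(origin):
    """Model of the observed behaviour: an unmatched Origin is answered with 'null'.

    Browsers also send 'Origin: null' for documents with an opaque origin
    (a sandboxed iframe, for instance), so this grant names no trusted site.
    """
    value = origin if origin in ALLOWED_ORIGINS else "null"
    return {"Access-Control-Allow-Origin": value}


def normalize_origin(origin):
    """Return 'scheme://host[:port]' for a well-formed web origin, else None."""
    if not origin:
        return None  # header absent or empty
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # this also rejects the literal string "null"
    suffix = f":{port}" if port is not None else ""
    candidate = f"{parts.scheme}://{parts.hostname}{suffix}"
    # Round-trip check: userinfo, path, query, fragment or stray whitespace
    # make the input differ from its serialized form. IPv6 literals are
    # rejected too, a simplification of this example.
    return candidate if candidate == origin.lower() else None


def cors_strict(origin):
    """Echo only allowlisted origins; otherwise send no CORS grant at all."""
    headers = {"Vary": "Origin"}  # stop caches reusing a grant across origins
    normalized = normalize_origin(origin)
    if normalized in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = normalized
    return headers
```

With the strict policy a malformed or unlisted `Origin` produces a response with no `Access-Control-Allow-Origin` header, so the browser blocks cross-origin reads by default.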
What actions were taken - Soon after Tawily contacted StackStorm regarding the issue, the company responded by releasing a security update. Developers are advised to update to the latest version to resolve this issue.