
The US Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
The three vulnerabilities are:
- CVE-2023-28432 (CVSS Score – 7.5) – MinIO Information Disclosure Vulnerability
- CVE-2023-27350 (CVSS Score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability
- CVE-2023-2136 (CVSS Score – TBD) – Google Chrome Skia Integer Overflow Vulnerability
“In cluster deployments, MinIO returns all environment variables including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, which causes an information disclosure,” MinIO maintainers said in an advisory published on March 21, 2023.
Data collected by GreyNoise shows that as many as 18 unique malicious IP addresses from the United States, Netherlands, France, Japan, and Finland have attempted to exploit this vulnerability in the past 30 days.
In an alert published late last month, the threat intelligence firm said that the reference implementation provided by OpenAI for developers to integrate plugins into ChatGPT relied on an outdated version of MinIO vulnerable to CVE-2023-28432.
“The new features released by OpenAI are valuable tools for developers who want to access live data from different providers in their ChatGPT integrations, but security should remain a core design principle,” GreyNoise said.
The KEV catalog also added a critical remote code execution bug affecting PaperCut print management software, allowing remote attackers to bypass authentication and execute arbitrary code.
This vulnerability has been addressed by the vendor as of March 8, 2023 with the release of PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9. The Zero Day Initiative, which reported the issue on January 10, 2023, plans to release additional technical details on May 10, 2023.
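The fixed releases named above are enough to triage a print-server inventory. The following is an added example (not from the article or the vendor): it parses PaperCut version strings and reports whether each host has reached the patched release for its branch; the branch handling rules, hostnames and version strings are constructed assumptions.

```python
"""Classify PaperCut MF/NG versions against the CVE-2023-27350 fixes
(20.1.7, 21.2.11, 22.0.9). Assumptions: a version is compared with the
fix in its own major.minor branch; a branch newer than 22.0 is treated
as carrying the fix; any other unlisted branch is treated as unpatched."""
from typing import List, Tuple

# Fixed releases named in the article, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (20, 1): (20, 1, 7),
    (21, 2): (21, 2, 11),
    (22, 0): (22, 0, 9),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '21.2.10' into (21, 2, 10); a trailing '(Build ...)' suffix is ignored."""
    core = text.strip().split()[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised PaperCut version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_patched(version_text: str) -> bool:
    """True when the version is at or above the fixed release for its branch."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED_VERSIONS:
        return (major, minor, patch) >= FIXED_VERSIONS[branch]
    # Unlisted branch: only branches newer than the newest fixed one are assumed safe.
    return branch > max(FIXED_VERSIONS)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) rows for an inventory of (host, version) pairs."""
    return [(h, v, "patched" if is_patched(v) else "VULNERABLE") for h, v in inventory]


# Constructed sample inventory; hostnames, versions and build number are made up.
SAMPLE_INVENTORY = [
    ("print-01", "22.0.9"),
    ("print-02", "21.2.10 (Build 12345)"),
    ("print-03", "20.1.7"),
    ("print-04", "19.2.3"),
    ("print-05", "22.1.0"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {ver:24} {status}")
```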
An update shared by the Melbourne-based company earlier this week revealed evidence of unpatched servers being exploited in the wild around April 18, 2023.
Cybersecurity firm Arctic Wolf said it “confirmed intrusion activity associated with a vulnerable PaperCut server with the RMM tool Synchro MSP loaded on the victim’s system.”
Last added to the list of actively exploited flaws was a vulnerability in Google Chrome affecting the Skia 2D graphics library that could be exploited by attackers to perform a sandbox escape via a specially crafted HTML page.
Federal Civilian Executive Branch (FCEB) agencies have been recommended to remediate the identified vulnerabilities by May 12, 2023 to protect their networks against active threats.