Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters

March 27, 2024 at 08:48AM

Attackers have been exploiting a missing authentication vulnerability in the Ray AI framework, allowing them to compromise hundreds of clusters. The issue, identified as CVE-2023-48022, enables the submission of arbitrary system commands and access to sensitive information. Oligo reports numerous compromised clusters, including potential cryptomining and unauthorized access to cloud …

Urgent: GitLab Releases Patch for Critical Vulnerabilities – Update ASAP

January 12, 2024 at 10:42PM

GitLab released security updates to address two critical vulnerabilities, CVE-2023-7028 and CVE-2023-5356. CVE-2023-7028 allows account takeover without user interaction, affecting versions 16.1 to 16.7. CVE-2023-5356 enables execution of slash commands as another user through Slack/Mattermost integrations. Users are advised to upgrade instances and enable 2FA for elevated privileges. Key takeaways …