Spotify’s Backstage flaw left servers open to RCE attacks – CyberNews.com

A vulnerability in Spotify’s open-source Backstage project allowed researchers to exploit virtual machine (VM) sandbox escape to perform Remote Code Execution (RCE).

Researchers discovered a vulnerability that could have allowed threat actors to exploit a VM sandbox escape using a third-party library. According to cybersecurity firm Oxeye, the critical flaw could lead to data loss if exploited.

Backstage is a project incubated by Spotify and is often used for building developer portals. It is used by a number of organizations, including Netflix, American Airlines, Epic Games, and others.

“Backstage can hold integration details to many organization systems, such as Prometheus, Jira, ElasticSearch, and others. Thus, successful exploitation has critical implications for any affected organization and can compromise those services and the data they hold,” researchers said in a blog post.

After executing the payload locally, researchers went online to see what impact the vulnerability…

Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMiM2h0dHBzOi8vY3liZXJuZXdzLmNvbS9uZXdzL3Nwb3RpZnlzLWJhY2tzdGFnZS1mbGF3L9IBAA?oc=5

The post Spotify’s Backstage flaw left servers open to RCE attacks – CyberNews.com first appeared on SEO, Marketing and Social News | OneSEOCompany.com.

source: https://news.oneseocompany.com/2022/11/18/spotifys-backstage-flaw-left-servers-open-to-rce-attacks-cybernewscom_2022111836031.html

Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.