Vulnerable modules piling up today


#1

It was three, now it’s at least five. We have systems showing tampered modules, systems showing vulnerable modules with no upgrade available…

Is there a notification/post about what’s going on?


(TheJames) #2

tl;dr some “ReSeArChEr” ran a scan and found XSS issues which don’t actually matter in context, but they want clout so they submitted CVEs. These generally have to be responded to even if low/no risk.

One of the only non-XSS bugs was an SQL thing. That is also low/no risk because you have to be authenticated for it to be used. There are probably hundreds of these non-parameterized SQL queries in the code base. This one was 16 years old. They are honestly low priority because they don’t matter. If someone wants to go through and get their commits up, doing PRs moving old queries into PDO (for the love of god not the way they did it in manager), it could be an easy contribution.

Oh right, this was supposed to be a tl;dr.
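As an added illustration of the kind of PR the post above describes (this is example code, not FreePBX project code): a legacy string-built query next to the same lookup done as a PDO prepared statement. The table name `ext_settings`, its columns and the sample rows are constructed for the demo, and SQLite in memory is used so it runs stand-alone with stock PHP.

```php
<?php
// Added example, not FreePBX code. Table, columns and rows are constructed
// for this demo; an in-memory SQLite database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ext_settings (extension TEXT, keyword TEXT, data TEXT)');
$db->exec("INSERT INTO ext_settings VALUES ('100', 'secret', 'pw-100'), ('200', 'secret', 'pw-200')");

// Legacy style: the request value is pasted into the SQL text, so anything
// the caller can put in $ext becomes part of the query's grammar.
function secretLegacy(PDO $db, string $ext): array
{
    $sql = "SELECT extension, data FROM ext_settings WHERE extension = '$ext' AND keyword = 'secret'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// PDO style: the SQL text is fixed at prepare time; the value is bound
// separately and is only ever compared as data, never parsed as SQL.
function secretPdo(PDO $db, string $ext): array
{
    $stmt = $db->prepare('SELECT extension, data FROM ext_settings WHERE extension = :ext AND keyword = :kw');
    $stmt->execute([':ext' => $ext, ':kw' => 'secret']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$normal = '100';
$quoted = "100' OR '1'='1";   // a quote in the input breaks out of the legacy string literal

printf("legacy, normal input : %d row(s)\n", count(secretLegacy($db, $normal)));
printf("legacy, quoted input : %d row(s)\n", count(secretLegacy($db, $quoted)));
printf("pdo, normal input    : %d row(s)\n", count(secretPdo($db, $normal)));
printf("pdo, quoted input    : %d row(s)\n", count(secretPdo($db, $quoted)));
```

With the quoted input the legacy function returns every extension's row, because the `OR` now belongs to the query rather than to the value; the prepared version returns nothing, since no extension is literally named `100' OR '1'='1`. When converting against MySQL rather than SQLite, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared server-side instead of being interpolated client-side by the driver.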


(Richard Smith) #3

If you are receiving warnings at the top of the GUI suggesting files have been tampered with, and assuming you haven’t been doing anything ‘unusual’ with the system, I would suggest you have a potential breach. This isn’t a module upgrade issue; it’s because module files aren’t matching what they should be and it’s alerting you to that fact. More information, including any screenshots or logs, would be helpful.


#4

It seems awfully coincidental that these two systems, one of which I maintained two days ago and it was fine, both showed tampered modules the day that five vulnerable modules were patched.

One of them seems fine now. On the other, fail2ban won’t start. Both got a `fwconsole ma refreshsignatures`.
