Date: Tue, 26 Jun 2018 17:56:18 -0700
From: oss-security-list@...tactdaniel.net
To: oss-security@...ts.openwall.com
Subject: rclone data exfiltration / unauthorized API use

Due to its reliance on vulnerable upstream vendor SDKs & APIs, all 
current versions of 'rclone' are subject to a variety of attacks.

This vulnerability is an instance of a class of security vulnerabilities 
that affect a wide variety of software. Any API which has clients 
perform actions on arbitrary URLs chosen by the API server will lead to 
this class of attack becoming a concern.

Current Google Cloud Storage SDKs/APIs, Backblaze B2 APIs, and Yandex 
Disk APIs are affected.

No CVE is presently assigned.

Further details at: 
https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/

-- 
Daniel Dent
https://www.danieldent.com/	
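
An added example, not part of the original message and not rclone's or any vendor SDK's code: one way a client can check a URL handed back by an API server before acting on it, which is the defensive counterpart to the class described above. The allowlist suffix, function name and sample URLs are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// allowedSuffixes is a hypothetical allowlist of host suffixes the client is
// willing to send credentials or data to. Constructed value, not a real vendor host.
var allowedSuffixes = []string{".storage.example"}

// checkServerURL validates a URL returned by the API server (for example an
// upload or download location) before the client performs any request on it.
func checkServerURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" {
		return nil, errors.New("refusing non-https URL")
	}
	if u.User != nil {
		// "https://trusted@other-host/" parses with other-host as the host.
		return nil, errors.New("refusing URL with embedded userinfo")
	}
	host := strings.ToLower(u.Hostname())
	for _, s := range allowedSuffixes {
		// The suffix starts with "." so "evilstorage.example" cannot match.
		if strings.HasSuffix(host, s) && len(host) > len(s) {
			return u, nil
		}
	}
	return nil, fmt.Errorf("host %q is not on the allowlist", host)
}

func main() {
	// Constructed sample values standing in for URLs found in API responses.
	for _, raw := range []string{
		"https://upload-17.storage.example/v1/upload/abc",
		"http://upload-17.storage.example/v1/upload/abc",
		"https://storage.example.attacker.test/v1/upload",
		"https://upload.storage.example@attacker.test/x",
	} {
		_, err := checkServerURL(raw)
		fmt.Printf("%-50s ok=%v err=%v\n", raw, err == nil, err)
	}
}
```

The same check has to run on every redirect target as well, since a redirect is another URL chosen by the server.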
