Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
#1
Information 
Quote:An unpatched stored cross-site-scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found.
 
The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com and XFCE-Look.
 
To boot, the PlingStore application is affected by an unpatched remote code-execution (RCE) vulnerability, which researchers said can be triggered from any website while the app is running – allowing for drive-by attacks.
 
PlingStore is an installer and content-management application that acts as a consolidated digital storefront for the various aforementioned sites that offer Linux software and plugins. It allows users to download, install and apply desktop themes, icon themes, wallpapers, mouse cursors and so on directly using the “Install” button.
 
The Pling team could not be reached, according to Fabian Bräunlein with Positive Security, writing in a blog post on Tuesday – “which is why we have decided to publish these unpatched vulnerabilities in order to warn users,” he said.

Read more: Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
You found a seed phrase from someone els...
Scammers have inve...harlan4096 — 09:58
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07
AirVPN Christmas Sale 2024!
AirVPN CHRISTMAS SAL...jasonX — 07:52

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>