As part of a proactive security audit, we discovered and corrected two vulnerabilities. We recommend all self-hosted installations of Humio update to the latest security release.
XML External Entity Injection
Status: Fixed in Humio 1.8.8 and 1.9.1
Classification: Critical
Fixed an issue related to XML External Entity Injection in our parsers. The issue would have made it possible for an authenticated user to access files on the host system without having root privileges. We found no evidence that this exploit has been utilized on our cloud.
Stored XSS in dashboard notes
Status: Fixed in Humio 1.8.8 and 1.9.1
Classification: High
Fixed an issue related to stored XSS in dashboard notes. The issue would have made it possible for an authenticated user to insert an XSS payload in a dashboard note. We found no evidence that this exploit has been utilized on our cloud.