As part of a proactive security audit, we discovered and corrected the following vulnerability. We recommend all self-hosted installations of Humio update to the latest security release.
Insecure deserialization of YAML
Status: Fixed in Humio 1.10.8, 1.12.3 and 1.13.3
Classification: Critical
Fixed an issue related to insecure deserialization of YAML files in our Dashboard Template files. The issue would have made it possible for an authenticated user to craft a malicious YAML file that, when uploaded, would allow the user to perform remote code execution. We found no evidence that this exploit has been utilized on our cloud.