30/08/2024 - Version 6.4.26 Release Notes

🔧 Security Enhancements

Summary
The enhancements are intended to bolster our system's overall security posture and defend against potential threats.

Affected Version


Solution


Vulnerability Details
> ZDI-CAN-XXXXX: Logsign delete_gsuite_key_file Arbitrary File Deletion Vulnerability
Logsign does not properly validate the filename parameter in the delete_gsuite_api_key_file() function.

This function is associated with the /api/settings/delete_gsuite_key_file/<filename> endpoint.
When an HTTP DELETE request is made, the function fails to check if the filename is a valid .p12 file, leading to arbitrary file deletion within specified directories, such as /opt/logsign-poller/pollers/ or /hdfs/opt/var/log/ (if cluster mode is enabled).

An authenticated attacker with the delete_settings_device_list permission can exploit this vulnerability to delete any file within these directories, including sensitive or system configuration files.
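
The missing check described above, shown as an added example; this is not Logsign's code or its fix. The function names, the file-name pattern and the directory layout are assumptions, and the sample files are constructed in a temporary directory.

```python
import os
import re
import tempfile

# Assumed policy: a bare file name ending in .p12, no path separators, no leading dot.
_P12_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.p12", re.IGNORECASE)


def resolve_key_file(base_dir, filename):
    """Return the path of a regular .p12 file directly inside base_dir, else None."""
    if not _P12_NAME.fullmatch(filename):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.join(base, filename)
    # Reject symlinks and non-regular files so the delete cannot be redirected.
    if os.path.islink(candidate) or not os.path.isfile(candidate):
        return None
    # Defence in depth: the resolved parent must still be the key directory.
    if os.path.dirname(os.path.realpath(candidate)) != base:
        return None
    return candidate


def delete_key_file(base_dir, filename):
    """Delete the key file only if it passes validation; return True when removed."""
    path = resolve_key_file(base_dir, filename)
    if path is None:
        return False
    os.remove(path)
    return True


def demo():
    """Exercise the check on constructed files; return (results, files left, outside kept)."""
    with tempfile.TemporaryDirectory() as root:
        keys = os.path.join(root, "keys")  # stands in for the key-file directory
        os.mkdir(keys)
        for name in ("sa-key.p12", "poller.conf"):
            open(os.path.join(keys, name), "wb").close()
        outside = os.path.join(root, "outside.p12")
        open(outside, "wb").close()
        requests = ["poller.conf", "../outside.p12", "sa-key.p12", "sa-key.p12"]
        results = [(name, delete_key_file(keys, name)) for name in requests]
        return results, sorted(os.listdir(keys)), os.path.exists(outside)


if __name__ == "__main__":
    print(demo())
```

A non-.p12 file in the same directory and a name that leaves the directory are both refused, while the legitimate key file is removed once.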


Mitigating Factors

Customers are advised to ensure they always have the latest version of the program.

Acknowledgement
Logsign would like to thank the Trend Micro Zero Day Initiative team for responsibly disclosing this issue.
