- Popular open source vulnerability scanner Nuclei was found to be vulnerable itself
- A bug allowed crooks to smuggle malicious code past the scanner
- The vulnerability was fixed in September 2024, but many users still haven’t updated
A vulnerability scanning tool was found to have been vulnerable itself, allowing crooks to smuggle malicious code past the gatekeeper.
Cybersecurity researchers from Wiz found a bug in ProjectDiscovery’s Nuclei in August 2024, after investigating the open source vulnerability scanner, which is designed to automate the detection of security issues across various protocols, systems, and applications using customizable YAML-based templates.
The bug is tracked as CVE-2024-43405, and was given a severity score of 7.8 (high). In versions 3.0.0 – 3.3.2, a vulnerability in Nuclei’s template signature verification system allowed malicious actors to bypass signature checks and possibly run malicious code via custom code template, it was said.
Upgrades and workarounds
A fix was released in early September 2024, making version 3.3.2 the first clean one. Users are urged to apply the fix immediately, since cybercriminals are expected to now start scanning for vulnerable endpoints. Those that cannot apply the patch in a timely manner should stop using custom templates, and instead only use trusted, verified ones.
“Those who are unable to upgrade Nuclei should disable running custom code templates as a workaround,” it was explained on the NVD webpage.
Wiz also stated that Nuclei should be used in a virtual machine, or isolated environment.
While open source software is generally considered safe (if nothing else, then due to countless eyes looking at the code all the time), its popularity and ease of access also make it a popular target for criminals interested in software supply chain attacks. While the exact number of Nuclei users is impossible to determine, we can say it is a popular solution, since it has 21,000 stars on GitHub, paired with roughly 2,600 forks.
Additionally, the Nuclei project boasts more than 700 contributors and has facilitated over 50 million monthly scans, indicating widespread adoption within the cybersecurity community.
Via BleepingComputer
Leave a comment