Rewterz Threat Advisory – Multiple Dell SupportAssist Client Consumer versions and Client commercial Vulnerabilities
June 14, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
June 14, 2022Rewterz Threat Advisory – Multiple Dell SupportAssist Client Consumer versions and Client commercial Vulnerabilities
June 14, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
June 14, 2022Severity
High
Analysis Summary
CVE-2022-31055
Google kCTF could allow a remote attacker to obtain sensitive information, caused by a broken access control in the kctf cluster set-src-ip-ranges. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-31055
Affected Vendors
Affected Products
Google kCTF 1.5.2
Remediation
Upgrade to the latest version of kCTF, available from the kCTF GIT Repository.