Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices
In this article, a developer explains how they used SonarCloud to identify and triage vulnerabilities in Erxes, an open-source project built from microservices. They found two issues that affected the security of the software. The first was a path traversal vulnerability: user input was not correctly sanitized or escaped, so an attacker could read arbitrary files from the file system. The second was an authentication bypass: any user could become an admin on an Erxes instance simply by sending a special header. Both vulnerabilities were fixed in later releases of the software. The author emphasizes the value of tools like SonarCloud and of securing communication between microservices so that such vulnerabilities do not reach production environments.
Company: Sonar
Date published: March 21, 2024
Author(s): Paul Gerste
Word count: 2210
Language: English
Hacker News points: None found.