Critical Marimo Flaw Exploited Hours After Public Disclosure
Briefly

"The issue could allow attackers to obtain a full interactive shell without authentication, leading to arbitrary system command execution. Unlike other WebSocket endpoints that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification."
"The attacker built a working exploit directly from the advisory description, connected to the unauthenticated terminal endpoint, and began manually exploring the compromised environment."
A critical-severity vulnerability in Marimo, an open-source reactive notebook for Python, was disclosed on April 8 with a CVSS score of 9.3. The flaw allows unauthenticated remote code execution through the terminal WebSocket endpoint (/terminal/ws), which, unlike Marimo's other WebSocket endpoints, accepts connections without calling validate_auth(), so anyone who can reach the port can obtain an interactive shell. Exploitation was observed just over nine hours after the advisory was published: an attacker built a working exploit from the advisory text alone, connected to the unauthenticated endpoint, performed reconnaissance on the host, and exfiltrated credentials and other sensitive information. Sysdig reported activity from multiple IP addresses tied to the exploitation and reconnaissance attempts.
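The following is an added, constructed illustration of the class of bug the advisory describes (a WebSocket handler that checks mode and platform support but never the session token), placed beside a hardened version that performs the authentication check before a shell is spawned. It is not Marimo's code: the request model, the cookie and query-parameter names, the token value, and the function names are all assumptions made for this example.

```python
"""Constructed model of an auth-skipping WebSocket terminal handler.

Not Marimo's code: every name and shape here is an assumption for illustration.
"""
from dataclasses import dataclass, field
import hmac

# Assumed: the server holds one session token that every WebSocket client must present.
SESSION_TOKEN = "constructed-session-token"


@dataclass
class WebSocketRequest:
    """Minimal stand-in for an incoming WebSocket upgrade request (assumed fields)."""
    path: str
    mode: str                                   # "edit" or "run" (assumed mode names)
    cookies: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)


def validate_auth(request: WebSocketRequest, expected: str = SESSION_TOKEN) -> bool:
    """The check the other WebSocket endpoints perform: compare a presented token
    (cookie first, then query string) against the session token in constant time."""
    presented = (request.cookies.get("access_token")
                 or request.query.get("access_token")
                 or "")
    return hmac.compare_digest(presented.encode(), expected.encode())


def accept_terminal_vulnerable(request: WebSocketRequest, pty_supported: bool = True) -> bool:
    """Models the flaw: only the running mode and platform support are checked.
    Returning True here means a shell would be attached to the socket."""
    if request.path != "/terminal/ws":
        return False
    if request.mode != "edit" or not pty_supported:
        return False
    # No validate_auth() call: any client that can reach the port gets a shell.
    return True


def accept_terminal_fixed(request: WebSocketRequest, pty_supported: bool = True) -> bool:
    """Hardened version: same mode/platform gate, plus the auth check that was missing.
    The auth check runs before anything with side effects (spawning the shell)."""
    if request.path != "/terminal/ws":
        return False
    if request.mode != "edit" or not pty_supported:
        return False
    if not validate_auth(request):
        return False  # close the socket; never spawn the shell for an unauthenticated client
    return True


def demo() -> dict:
    """Exercise both handlers with a constructed unauthenticated request and an
    authenticated one; returns the outcomes so they can be inspected or asserted."""
    unauthenticated = WebSocketRequest(path="/terminal/ws", mode="edit")
    authenticated = WebSocketRequest(path="/terminal/ws", mode="edit",
                                     cookies={"access_token": SESSION_TOKEN})
    return {
        "vulnerable_accepts_unauthenticated": accept_terminal_vulnerable(unauthenticated),
        "fixed_accepts_unauthenticated": accept_terminal_fixed(unauthenticated),
        "fixed_accepts_authenticated": accept_terminal_fixed(authenticated),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the comparison is ordering as much as presence: the token check has to sit before the shell is spawned, not after, and it has to run on the terminal route just as it does on every other WebSocket route. The actual patch for Marimo is in the project's advisory, which this page does not reproduce; the hardened handler above only shows the shape of the missing check.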
Read at SecurityWeek