Tag
#stigmem-node
Understanding Cross-Tenant BOLA Vulnerability in stigmem-node
This educational analysis covers a critical vulnerability in stigmem-node, a multi-tenant node that mishandles RTBF tombstones, leading to cross-tenant BOLA (Broken Object Level Authorization). The vulnerability allows an attacker to mis-attribute and suppress reads tenant-blind, compromising data-view correctness and RTBF guarantees.
stigmem-node Vulnerability: Cross-Tenant Data Exposure via Decay Sweep
A vulnerability in stigmem-node allows a caller with write credentials for one tenant to run a decay sweep affecting all tenants, leading to cross-tenant data destruction or information disclosure. This issue affects multi-tenant deployments of stigmem-node. To mitigate, update to version 0.9.0a12 or later.
The Importance of Out-of-Band Approval in Federation Peer Registration
A recent security advisory revealed a vulnerability in stigmem-node's federation peer registration process, which lacked explicit out-of-band approval. This vulnerability had a severity score of 9.1 and could be exploited if initial registration was intercepted or misdirected. The issue has been patched in version 0.9.0a2.
stigmem-node Vulnerability: Auth-Disabled Deployments Expose to Broad Anonymous Access
A vulnerability in stigmem-node allows auth-disabled deployments to grant broad anonymous access outside loopback environments. Operators who disabled authentication while binding the node to a non-loopback URL are impacted.
Understanding the Risks of Unsigned Plugin Overrides in stigmem-node
A security vulnerability in stigmem-node allowed unsigned plugin overrides without a second explicit acknowledgment, potentially enabling less-trusted users to load unsigned plugin code. This issue has been patched in version 0.9.0a2. Users are advised to upgrade and follow best practices to mitigate the risk.