SB2021050713 - Insecure proxy configuration in Mozilla Hubs Cloud Reticulum




Published: May 7, 2021

Security Bulletin ID: SB2021050713
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Insecure configuration (CVE-ID: CVE-2021-29954)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an insecure proxy configuration built into the Reticulum software package. The proxy allowed access to internal URLs, including the metadata service, which could allow access to credentials specific to a Hubs Cloud Instance. A remote non-authenticated attacker can obtain sensitive information and use it to compromise the Hubs Cloud Instance.


Remediation

Install the update from the vendor's website.
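
The bulletin does not describe the vendor's fix. As an added illustration (not Reticulum's code or Mozilla's patch), the following Python shows the kind of destination check that keeps a fetch proxy from reaching internal URLs such as a cloud metadata service. The function names, the injectable resolver, and the sample hostnames and addresses are assumptions constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host, port):
    """Resolve with the OS resolver and return a list of IP strings."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_internal(ip_text):
    """True if the proxy must never connect to this address."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d reaches the same IPv4 host
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def check_proxy_target(url, resolver=system_resolver):
    """Return (host, port, pinned_ip) if the proxy may fetch url, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("unsupported scheme or missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        ipaddress.ip_address(parts.hostname)
        addresses = [parts.hostname]  # IP literal, nothing to resolve
    except ValueError:
        addresses = resolver(parts.hostname, port)
    if not addresses:
        raise ValueError("host did not resolve")
    # Reject when ANY record is internal, so a name with mixed records fails closed.
    for addr in addresses:
        if is_internal(addr):
            raise ValueError(f"{parts.hostname} resolves to internal address {addr}")
    # The caller connects to the returned IP, not the name, so a second DNS
    # lookup cannot swap in an internal address after this check.
    return parts.hostname, port, addresses[0]

if __name__ == "__main__":
    # Constructed sample data: hypothetical hostnames and a stand-in resolver.
    records = {"assets.example": ["93.184.216.34"],
               "mixed.example": ["93.184.216.34", "10.0.0.5"]}
    for url in ("https://assets.example/a.png", "http://169.254.169.254/",
                "http://[::ffff:169.254.169.254]/", "http://mixed.example/"):
        try:
            print("allow", check_proxy_target(url, lambda h, p: records.get(h, [])))
        except ValueError as err:
            print("block", url, "->", err)
```

Each redirect hop needs the same check before it is followed, since a permitted host can redirect to an internal URL.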