SWAMP-in-a-Box Update 1.28.2

Greetings, SWAMP-in-a-Box community.

SWAMP-in-a-Box build 1.28.2.33 is a security release addressing a privilege escalation vulnerability found in a pentest by Black Hills Infosec. We’d like to thank them for their thorough and professional work on behalf of the SWAMP project.

The vulnerability allows authenticated SWAMP users to obtain unauthorized administrative rights. At this time, we do not believe the vulnerability is known outside of the SWAMP team or being actively exploited, but we recommend SWAMP-in-a-Box deployers upgrade to this latest version as soon as possible. If you are unable to upgrade, you should disable any untrusted users as a temporary mitigation.

Additionally, we have updated the SWAMP-in-a-Box install/upgrade script to be tied to HTCondor version 8.4.11. Please contact us if you are currently running HTCondor version 8.6.0.

Packages for new installs can be found at https://github.com/mirswamp/deployment (GitHub) and https://platform.swampinabox.org/siab-latest-release/ (SWAMP read-only server).

Instructions for upgrading can be found in README-UPGRADE.md.
