A recent report from Rezilion has shed light on some noteworthy vulnerabilities found in the first half of 2023 and provided recommended remediation strategies.
The vulnerabilities span various sources, including development processes, open source software and supply chains.
One such vulnerability regards Apache Superset (CVE-2023-27524). With Common Vulnerability Scoring System (CVSS) 9.8, the critical flaw exposed organizations to unauthorized access due to the use of default configurations.
Additionally, PaperCut (CVE-2023-27350) and Fortinet FortiOS (CVE-2022-41328) vulnerabilities allowed attackers to bypass authentication and execute code with system privileges. They had CVSS 9.8 and 7.1 scores, respectively.
The JsonWebToken vulnerability (tracked CVE-2022-23529) is also mentioned in the report. The flaw was a significant concern, initially assigned a high CVSS score of 9.8.
However, upon closer examination and thorough analysis, the severity of this vulnerability was reevaluated and subsequently retracted. This highlights the critical role of meticulous scrutiny and active community involvement in ensuring precise assessments and effective mitigation strategies.