Severe Flaw Disclosed In StackStorm DevOps Automation Software


StackStorm security vulnerability

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services.

StackStorm, aka “IFTTT for Ops,” is a powerful event-driven automation tool for integration and automation across services and tools that allows developers to configure actions, workflows, and scheduled tasks, in order to perform some operations on large-scale servers.

Read more…