
Request to Fix the Security Issue reported [Private]

Open febinrev opened this issue 1 year ago • 2 comments

Hi,

This is Febin Mon Saji, an independent security researcher. I reported a root privilege escalation via race-condition vulnerability (for Linux) a couple of months back, via [email protected], and it was acknowledged by the Balena team, and I even got a swag pack. I hope you, the developers, are aware of the vulnerability and are already working on the patch, and I hope the newer version will be released soon.

As the vendor has confirmed the issue and is working on the patch, I wish to apply for a CVE ID for the said vulnerability.

Let me know your thoughts.

Thanks.

febinrev, Oct 05 '23 19:10

As expressed privately (adding it here for transparency), we're in the middle of a quite deep revamp to address this and other issues.

Thanks for being patient, we take this seriously.

aethernet, Oct 13 '23 12:10

I hope the issue is fixed in the new pre-release version v1.18.13.

febinrev, Nov 30 '23 20:11