Hello and welcome to the Friday, May 26, 2023 edition of the Zanz and the Storm Center's Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida. If you're looking for a system to manage alerts and cases in your sock.

Tom has a great little diary for you today looking at the hive.

That's a very famous and a frequently used system for this.

And then DFR Iris.

These two systems are both open source.

They do support alert cues.

They have case management, playbooks, everything you need in order to basically have some robust

alert and case management for your SOC.

So quick introduction here to, in particular,FIR iris and with links for more information.

And yesterday I mentioned how GitLab released version 16.0.1. It fixes a critical C-VAS score.

10 vulnerability.

It's a directory traversal vulnerability.

And, well, one of the questions, of course, always, how it's going to be exploited.

Well, we do have a proof of concept exploit available now. One of the dependencies here is that the project that you are

actually submitting a comment with an attachment to has to be nested in at least five

groups. This then triggers the directory traversal, essentially a URL encoded slash that's

not properly escaped, and with

that Netnet hacker is able to read arbitrary files from the system. The proof of concept just reads

the Etsy password file. So this is now definitely a vulnerability that you do want to patch before you leave for the weekend.

Yes, it has some dependencies like these nested projects and such,

but I wouldn't count on you finding all the projects and all the nested relationships

to adequately make sure that you're not vulnerable.

...