Sliver · Sliver · CVE-2024-41111
**Name of the Vulnerable Software and Affected Versions**
Sliver version 1.6.0 (prerelease)
Sliver versions prior to 1.6.0
**Description**
Sliver is an open source cross-platform adversary emulation/red team framework that can be used by organizations of all sizes to perform security testing. It is vulnerable to remote code execution (RCE) on the teamserver by a low-privileged "operator" user, allowing the operator to run commands as the system root user. This vulnerability can be exploited to view all console logs, kick all other operators, view and modify files stored on the server, and ultimately delete the server. The issue arises from a command injection in the `generate msf-stager` command, which can be used to inject the `--out` flag into the `msfvenom` invocation and overwrite Sliver's own Go binary.
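The injection class described above is closed when every operator-supplied value is checked against an allowlist and passed to `msfvenom` as its own argv element. The Go code below is an added example, not Sliver's code or its fix; `StagerRequest`, `BuildVenomArgs`, the field names and the validation patterns are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"strconv"
)

// StagerRequest holds operator-supplied options (hypothetical shape, not Sliver's type).
type StagerRequest struct {
	Payload, LHost, Format string
	LPort                  int
}

// Allowlists: no whitespace, and no value can begin with '-' and be read as a flag.
var (
	payloadRe = regexp.MustCompile(`^[a-z0-9_]+(/[a-z0-9_]+){1,4}$`)
	formatRe  = regexp.MustCompile(`^[a-z0-9][a-z0-9-]{0,15}$`)
	hostRe    = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$`)
)

// BuildVenomArgs validates every field, then returns an argv slice for exec.Command.
// It never emits --out: the server reads the payload from msfvenom's stdout instead.
func BuildVenomArgs(r StagerRequest) ([]string, error) {
	switch {
	case !payloadRe.MatchString(r.Payload):
		return nil, errors.New("invalid payload name")
	case !formatRe.MatchString(r.Format):
		return nil, errors.New("invalid format")
	case net.ParseIP(r.LHost) == nil && !hostRe.MatchString(r.LHost):
		return nil, errors.New("invalid LHOST")
	case r.LPort < 1 || r.LPort > 65535:
		return nil, errors.New("invalid LPORT")
	}
	// One value per argv element; nothing is joined into a string and re-split.
	return []string{"--payload", r.Payload, "--format", r.Format,
		"LHOST=" + r.LHost, "LPORT=" + strconv.Itoa(r.LPort)}, nil
}

func main() {
	ok := StagerRequest{Payload: "windows/x64/meterpreter/reverse_tcp", LHost: "192.0.2.10", Format: "raw", LPort: 4444}
	bad := ok
	bad.LHost = "192.0.2.10 --out /tmp/placeholder" // constructed value carrying an extra flag
	for _, r := range []StagerRequest{ok, bad} {
		args, err := BuildVenomArgs(r)
		fmt.Println(args, err)
	}
}
```

Because the output location is never derived from request data in this design, a value that slips past validation still cannot redirect where `msfvenom` writes.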
**Recommendations**
For Sliver version 1.6.0 (prerelease), avoid using Sliver in production until the issue is resolved.
For Sliver versions prior to 1.6.0, update to a version that includes the fix for this issue, once available.
As a temporary workaround, consider restricting access to the `generate msf-stager` command to prevent exploitation.
Restrict access to the vulnerable `msfvenom` command to minimize the risk of exploitation.
Avoid using the `--out` flag in the `generate msf-stager` command until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.