Aqua security researchers discovered active flaws in the PowerShell Gallery, a central repository operated by Microsoft. Threat actors could leverage the vulnerabilities to execute supply chain attacks against the repository’s users. The PowerShell Gallery allows users to share and obtain PowerShell code, modules, scripts, and Desired State Configuration resources.
The repository currently hosts 11,829 unique packages and 244,615 total packages. Aqua researchers discovered that PowerShell’s lenient package naming policy could allow typosquatting attacks through malicious PowerShell modules uploaded by threat actors. Another flaw could allow threat actors to spoof the metadata of their malicious modules and hide the author’s details. A third vulnerability provides attackers access to all package names and versions, enabling them to view the complete PowerShell package database and associated versions. Unlisted packages containing sensitive information are susceptible to compromise if threat actors leverage this flaw. Aqua reported these issues to Microsoft in September 2022, and the company implemented changes in March 2023. Aqua researchers report that these flaws are still exploitable after the patches were implemented.
Read More:
https://thehackernews.com/2023/08/experts-uncover-weaknesses-in.html