An NSA SkillTree training platform vulnerability has been uncovered

A recent study by Contrast Security has exposed a possible vulnerability in a training platform known as SkillTree, which is maintained by the NSA on GitHub.

Malicious individuals have been known to host malware on GitHub, an open-source development platform. With this in mind, researchers set out to identify and understand security weaknesses in popular GitHub repositories.

The study revealed the presence of a cross-site request forgery (CSRF) vulnerability in SkillTree. This flaw allows a malicious actor to target an authenticated Skills Service administrator on SkillTree to manipulate videos, text, and captions. The vulnerability, identified as CVE-2024-39326, is considered moderate, and the developers have been notified, with a patched version now available for public use.

Researchers believe that this vulnerability arose due to a lack of CSRF protection in the SkillTree application.
