Turris OS has the first CVE

You may notice we had fixed a XSS vulnerability in the Foris web interface in the recent Turris OS 5.1.6 (released 2021-01-19) and Turris OS 3.11.22 (released 2021-01-26).

Together with Niklas Volcz, who reported the vulnerability to us, we agreed to file a CVE record for it and it was assigned a few hours ago. So, Turris OS has its first CVE-2021-3346.

This issue is fixed already, so keep your devices updated!

We will disclose the GitLab issue (turris/foris/foris#201) with detailed description on Monday, February 8th 2021, to give some time for those who use delayed updates feature.

Kudos to Niklas Volcz and his responsible disclosure :clap:


This topic was automatically closed after 20 days. New replies are no longer allowed.