CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
Apr 22, 2023
Patch Management / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The three vulnerabilities are as follows:

- CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability
- CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control Vulnerability
- CVE-2023-2136 (CVSS score - TBD) - Google Chrome Skia Integer Overflow Vulnerability

"In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure," MinIO maintainers said in an advisory published on March 21, 2023.

Data gathered by GreyNoise shows that as many as 18 unique malicious IP addresses from the U.S., the Netherlands, France, Japan, and Finland have attempted to exploit the flaw over the past 30 days. The threat intelligence company, in an alert p