Concise Cyber

Gainsight Supply Chain Vulnerability in Salesforce-Integrated App Discovered and Remediated

Gainsight, a provider of customer success software, addressed a security vulnerability in its Product Experience (PX) platform after being alerted by cybersecurity firm Varonis. The flaw, identified as a novel supply chain attack vector, originated from a misconfigured Amazon Web Services (AWS) S3 bucket. Gainsight PX is an application available on the Salesforce AppExchange, a marketplace for business apps.

The issue was discovered by a security researcher from Varonis Threat Labs who found a public-facing AWS S3 bucket belonging to Gainsight. An investigation revealed the bucket contained a JavaScript file named ‘gainsight-px’ which was configured with write permissions for any authenticated AWS user, that is, for the holder of any AWS account, not only Gainsight’s own. This misconfiguration created a direct path for a potential supply chain attack.

Discovery of the S3 Bucket Misconfiguration

The Varonis researcher, Orin Pozner, identified the insecure S3 bucket and its permissions. The vulnerability allowed any user with a valid AWS account to modify the ‘gainsight-px’ JavaScript file. This script is designed to be embedded by Gainsight’s customers into their own applications to deliver product experience functionalities. By modifying this central file, an actor could distribute malicious code to all end-users of the client applications that integrated the script.
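The grant at the heart of this report is an S3 ACL entry that gives a predefined global group write-class access to a hosted object. The following audit is an added example for this article, not Gainsight’s or Varonis’s code: it walks ACL documents in the shape that boto3’s `get_bucket_acl()`/`get_object_acl()` return (constructed inline here so it runs offline), flags grants that hand WRITE, WRITE_ACP or FULL_CONTROL to `AllUsers` or `AuthenticatedUsers`, and checks the S3 Block Public Access configuration that makes such grants inert. The owner ID and the `index.html` key are placeholders; `gainsight-px` is the file name the article gives.

```python
"""Audit S3 ACL grants for write-class access handed to global groups.

Added example for this article, not Gainsight's or Varonis's code. The ACL
documents are constructed in the shape boto3's get_bucket_acl() /
get_object_acl() return, so the audit runs offline; the owner ID and the
second object key are placeholders. The group URIs and permission names are
the ones S3 itself uses.
"""

# Predefined S3 groups. AuthenticatedUsers means *any* AWS account in the
# world, not accounts belonging to your own organisation.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
GLOBAL_GROUPS = {ALL_USERS: "AllUsers", AUTHENTICATED_USERS: "AuthenticatedUsers"}

# Permissions that let the grantee replace content or rewrite the ACL itself.
WRITE_CLASS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def risky_grants(acl: dict) -> list[dict]:
    """Return grants giving write-class access to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = GLOBAL_GROUPS.get(grantee.get("URI")) if grantee.get("Type") == "Group" else None
        if group and grant.get("Permission") in WRITE_CLASS:
            findings.append({"grantee": group, "permission": grant["Permission"]})
    return findings


def audit(acls: dict[str, dict]) -> dict[str, list[dict]]:
    """Map each object key to its risky grants, keeping only keys with findings."""
    return {key: f for key, acl in acls.items() if (f := risky_grants(acl))}


def public_access_block_complete(cfg: dict) -> bool:
    """True when all four S3 Block Public Access switches are on.

    S3 treats a grant to AllUsers or AuthenticatedUsers as public, so with
    BlockPublicAcls and IgnorePublicAcls set the grant below is refused or
    ignored even if someone adds it by mistake.
    """
    switches = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return all(cfg.get(k) is True for k in switches)


OWNER = {"ID": "constructed-owner-canonical-id"}  # placeholder

# Constructed ACLs. The first mirrors the misconfiguration described above:
# any authenticated AWS user may overwrite the hosted script.
SAMPLE_ACLS = {
    "gainsight-px": {
        "Owner": OWNER,
        "Grants": [
            {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"},
            {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE"},
        ],
    },
    "index.html": {  # public read only: expected for a served asset, not flagged
        "Owner": OWNER,
        "Grants": [
            {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"},
            {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        ],
    },
}

if __name__ == "__main__":
    for key, findings in audit(SAMPLE_ACLS).items():
        for f in findings:
            print(f"{key}: {f['grantee']} has {f['permission']}")
```

Against live buckets you would feed `audit()` the dictionaries returned by `get_object_acl()` for each key; a bucket with Object Ownership set to `BucketOwnerEnforced` disables ACLs altogether, which removes this class of misconfiguration rather than merely detecting it.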

To confirm the vulnerability, the Varonis team executed a proof-of-concept. The researcher modified the JavaScript file to include a benign popup alert. This altered script was then successfully served to Varonis’s own Gainsight PX environment, demonstrating that the attack vector was viable and that custom code could be injected and executed on customer platforms.
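The proof-of-concept worked because the embedding pages trusted whatever bytes the host served. The control on the customer side is Subresource Integrity (SRI): the page pins the hash of the script it reviewed, and the browser refuses to execute a fetched copy whose hash differs. The code below is an added example for this article, not Gainsight’s or Varonis’s code; it computes the `integrity` attribute, emits the pinned `<script>` tag, and mimics the browser’s comparison against a constructed script body and an altered copy of it. The URL is a placeholder.

```python
"""Subresource Integrity (SRI) for a third-party script embedded in your pages.

Added example for this article, not Gainsight's or Varonis's code. The script
bodies are constructed stand-ins and the URL is a placeholder.
"""
import base64
import hashlib

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the digest algorithms browsers accept


def sri_integrity(script: bytes, algo: str = "sha384") -> str:
    """Build the value of a <script integrity="..."> attribute for these bytes."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, script).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(script: bytes, integrity: str) -> bool:
    """Simplified browser check: the fetched bytes must match one of the listed
    hashes, otherwise the script is refused and never executes. (Real browsers
    additionally restrict the comparison to the strongest algorithm listed.)"""
    for token in integrity.split():
        algo, _, _ = token.partition("-")
        if algo in SRI_ALGOS and sri_integrity(script, algo) == token:
            return True
    return False


def script_tag(src: str, script: bytes) -> str:
    """Emit the pinned tag. crossorigin is required for SRI on cross-origin
    scripts, and the host must answer with CORS headers for it to work."""
    return (f'<script src="{src}" integrity="{sri_integrity(script)}" '
            f'crossorigin="anonymous"></script>')


# Constructed script bodies: the version you reviewed, and one changed at the
# host, the kind of modification the proof-of-concept above made.
REVIEWED = b"/* constructed stand-in for a vendor script */\nwindow.vendorPx = function () {};\n"
ALTERED = REVIEWED + b"alert('changed at the host');\n"

if __name__ == "__main__":
    pinned = sri_integrity(REVIEWED)
    print(script_tag("https://cdn.example.invalid/px.js", REVIEWED))  # placeholder URL
    print("reviewed copy loads:", sri_matches(REVIEWED, pinned))
    print("altered copy loads: ", sri_matches(ALTERED, pinned))
```

SRI pins an exact byte-for-byte version, so it suits scripts served from versioned URLs; a vendor that updates a script in place will make every pinned page refuse the load until the hash is refreshed, which is also the signal that the file changed without your review.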

Gainsight’s Response and Remediation

Following the discovery, Varonis reported the vulnerability to Gainsight. According to the report, Gainsight’s security team remediated the misconfiguration within two hours of being notified. Gainsight’s Chief Information Security Officer (CISO), Ben Mussi, confirmed the fix. Mussi stated that the issue was limited to a development environment for the PX product and was related to an S3 bucket misconfiguration.

An internal investigation conducted by Gainsight found no evidence of any malicious activity beyond the proof-of-concept demonstrated by the Varonis researcher. The CISO also affirmed that no customer data was impacted as a result of the vulnerability. The prompt action by Gainsight prevented the exploitation of the flaw.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forums in our own words, with no intention to plagiarise or copy other persons’ work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
