Tenable Research recently disclosed the discovery of a vulnerability impacting Citrix ShareFile. If exploited, the reflected cross-site scripting vulnerability could have allowed a malicious actor to steal login credentials, tokens, execute code in the context of a victim’s browser, or perform a variety of other malicious actions.

Despite the potential impact of the vulnerability, Citrix has elected not to publish information regarding this issue or provide notice to customers after they patched the issue. Customers are entirely beholden to the cloud providers to fix reported issues, forced to blindly trust that proper care has gone into effectively remediating any vulnerabilities. This lack of transparency is a disservice to their customers and leaves them in the dark about their exposure to risk before patches were issued. The practice of silent patching by cloud service providers hinders risk assessment and creates new challenges for security teams to understand the risks of their cloud environments. While a patch was issued, potentially affected customers may be unaware that any nefarious activity took place.

With ransomware groups like CL0P targeting file transfer applications including Fortra’s GoAnywhere managed file transfer (MFT) and Progress Software’s MOVEit Transfer MFT software, securing these solutions and identifying potential avenues for exploitation are critical to the success of staying a step ahead of opportunistic attackers.- Tenable Research Team