Posted August 1, 2024

Vulnerability Lets Hackers Do Cryptomining on Your Selenium Grid

The remedy is simple but still impacts your operations.

Hacker News recently reported a hacker campaign “targeting older versions of Selenium (3.141.59 and prior).” Allegedly, the coordinated campaign has been going on since April of last year. The attack would allow a malicious user to run the XMRig crypto-miner on your in-house Selenium grid, potentially running up your AWS or Azure bill into the millions of dollars if undetected.

The remedy is to upgrade your instance to the latest version and ensure that firewall permissions and authentication are configured properly.

Security firm Wiz, which discovered the vulnerability, identified more than 30,000 instances of Selenium that are exposed to the threat. That’s a lot of administrators who will be (or should be) spending unplanned time on remediation this week - taking them away from their regular tasks and potentially delaying this week’s release while they fix, test, deploy, and attest that the fix is in place.

That last step (attestation) is especially important to any regulated organization. Undetected remote code execution on your infrastructure would have a material impact on the organization’s risk posture. 

  1. The Selenium administrator would have to prove the fix was in place.

  2. The Risk Steward would have to review the fix against current policies and standards.

  3. The Risk Management team would require evidence the fix was effective so they can report to the CISO and to external regulators.

  4. The CISO would also have to explain to the Board how the vulnerability happened, what steps are in place to ensure something similar doesn’t recur, and the potential impact on the company’s brand or stock price.

That’s a lot of unplanned work for a lot of people. While they are doing that, what happens to this week’s release? What do the developers do while they wait?

What about Sauce Labs?

Are Sauce Labs customers exposed to this issue? Simple answer: no. You cannot use Sauce Labs without authenticating to our platform, which removes the risk of a malicious actor getting access. In addition, our security experts have mechanisms in place to constantly monitor our infrastructure to detect and alert about suspicious activity. After all, if we didn’t ensure our systems are secure, we wouldn’t have SOC 2 Type II, ISO 27001, and ISO 27701 certifications.

If you know anyone running their own Selenium grid in-house, please pass this along to them so they can protect themselves.  

If you're thinking about building your own Selenium grid, please factor this into everyone’s workload. Not only will your grid admin need to spend time weekly on updates, they will also have to ensure all security measures are in place and tested - taking them away from the rest of their tasks.

Senior Product Marketing Manager at Sauce Labs