In 2024, the number of reported vulnerabilities rose by an alarming 40%, exceeding 40,000 CVEs, prompting the JFrog Security Research team's critical assessments of threats to application security. The team has highlighted significant vulnerabilities in MLOps platforms, Docker Hub repositories, and open-source libraries, exposing users to possible malware and exploitation.
Affected: MLOps platforms, Docker Hub, Python Software Foundation, Hugging Face, PyPI, X.Org libX11, XZ Utils
Key points:
- 40% increase in reported vulnerabilities, reaching over 40,000 CVEs in 2024.
- The JFrog Security Research team emphasizes the importance of protecting software code, including machine learning models.
- Inherent and implementation vulnerabilities in MLOps platforms were identified.
- Discovery of ~4.6 million imageless repositories in Docker Hub posing potential phishing threats.
- Leaked GitHub access token discovered in a public Docker container, risking broad access to repositories.
- Vanna.AI library found to allow remote code execution through crafted prompts.
- Malicious model uploaded to Hugging Face providing attackers with backdoor access to systems.
- “Revival Hijack” attack method identified that can exploit 22K PyPI packages.
- Two vulnerabilities in X.Org libX11 could lead to denial-of-service and remote code execution.
- Malicious code enabling unauthorized remote SSH access detected in XZ Utils, a trusted package, showcasing supply chain threats.
MITRE Techniques:
- Execution (T1203) – Remote code execution possible through vulnerabilities in machine learning libraries and other software.
- Credential Dumping (T1003) – Access tokens leaked via public repositories may lead to credential exposure.
- Phishing (T1566) – Imageless Docker Hub repositories aim to deceive users into visiting malicious sites.
- Supply Chain Compromise (T1195) – Attacks targeting the integrity of software packages like XZ Utils.
- Remote Access (T1210) – Unauthorized SSH access enabled by malicious code in trusted software.
Full Story: https://jfrog.com/blog/top-jfrog-security-research-discoveries-of-2024/