A vulnerability was discovered in an NSA SkillTree training platform

Image via Unsplash

Research from Contrast Security has unveiled a potential vulnerability within a training platform called SkillTree. This training platform is maintained on GitHub by the NSA.

GitHub has been used by malicious actors as an open-source development platform to house malware. For this reason, researchers aimed to uncover and understand security vulnerabilities in popular GitHub repositories.

Through the research, it was discovered that a cross-site request forgery (CSRF) vulnerability existed within SkillTree. This vulnerability provides a malicious actor with the ability to target a logged-in SkillTree’s Skills Service administrator to alter videos, text and captions. This vulnerability was designated CVE-2024-39326 and is rated moderate. The maintainers have been informed of the vulnerability and a patched version has been publicly released.

Researchers assert that this vulnerability existed due to a lack of CSRF protections within the SkillTree application.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.