CVE-2023-51663

Summary

CVE-2023-51663 is a vulnerability in Hail, an open-source Python-based data analysis tool that works with genomic data. The vulnerability allows users to change their email addresses, which can then be used to create Hail Batch accounts and access resources in clusters they should not have access to. This can be exploited by creating accounts with email addresses from different domains and running jobs on Hail Batch clusters. While the attacker cannot access private data or impersonate other users, they can create Azure Tenants if they have Azure Active Directory Administrator access. The vulnerability affects various products associated with Hail. To remediate the issue, organizations using Hail should ensure that email address changes are properly validated and restrict access to Hail Batch accounts based on domain verification. The potential danger of this vulnerability lies in unauthorized access to resources and unauthorized use of computing resources, which could lead to financial loss or disruption of services for affected organizations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.