CVE-2024-3094 and Release Automation
Article ID: 281981
Updated On:
Products
CA Release Automation - Release Operations Center (Nolio)
CA Release Automation - DataManagement Server (Nolio)
Issue/Introduction
Recently, the vulnerability XZ Utils Backdoor was found in Linux:
Does this affects Release Automation?
Environment
Release Automation - 6.x
Resolution
Nolio Release Automation doesn't use XZ Utils, which means it's not affected by this vulnerability.
Additional Information
One thing to keep in mind is that this is a Linux vulnerability and, even though RA doesn't directly uses it, users are still able to create their own deployments and do whatever they want, including running whatever utility they have. This means the OS Administrator needs to remediate this vulnerability using his own resources as a way to avoid any app (like Nolio) can run and exploit this vulnerability.
Feedback
Yes
No
Powered by
