GHSA-g86j-hwg9-77q5 – sentinelone
Package
Manager: pip
Name: sentinelone
Vulnerable Version: >=1.0.0 <=1.2.1 || =1.0.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
SentinelOne impersonated via PyPI packages
In December 2022, threat actors impersonated SentinelOne by uploading fake software development kits (SDKs) to PyPI. The SDKs contained fully functional SentinelOne clients, but the packages also contained malicious backdoors that were executed only when the package was invoked programmatically, not during installation. The packages have since been taken down from PyPI.
Metadata
Created: 2022-12-27T15:25:51Z
Modified: 2022-12-27T15:25:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-g86j-hwg9-77q5/GHSA-g86j-hwg9-77q5.json
CWE IDs: []
Alternative ID: N/A
Finding: F410
Auto approve: 1