Когда Firefox, начиная с версии Firefox 55, перестал поддерживать Selenium IDE, миллионы тестировщиков и разработчиков столкнулись с тем, что привычный ход работы по автоматизированному тестированию был нарушен, что вызвало среди них немалое беспокойство. К счастью, разработки в данной области продолжились, и не так давно команда Katalon представила Katalon Recorder – инструмент, который был разработан как альтернатива Selenium IDE. Читать дальше →
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.
Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.