Dear GoFAST Community Member,
A critical "0-days" vulnerability has been found, affecting a large number of information systems around the world, which may include security equipment, virtualization solutions, embedded systems, etc.
The CEO-Vision security team started the impact analysis on GoFAST this weekend, with a first observation:
- The components potentially affected by this vulnerability are the Apache Solr search engine and the Jitsi Videobridge video conferencing component.
- After scanning our Tenable security tool on the latest version of GoFAST v3 (and its Open Source components), the vulnerability was not detected as being exploitable.
- The tests carried out on GoFAST instances have shown that the vulnerability was not exploitable so far, however we have taken immediate steps to prevent this risk.
Preventive actions taken immediately:
All GoFAST Enterprise platforms of our customers, accessible via standard remote administration, were nevertheless applied a mitigation patch making it impossible to exploit the vulnerability, starting with customers receiving 24/7 support, then 6 days a week, then the standard support.
Customers imposing a request for a controlled access to their GoFAST platform for maintenance, cannot benefit from a patch as soon as possible and are therefore responsible for the consequences related to this security vulnerability.
We will keep you informed through the GoFAST community forums : please subscribe to the forums to be alerted as soon as possible.
The GoFAST Support Team