United Nations Security Flaw Exposed 100K Staff Records

  /     /     /  
Publicated : 23/11/2024   Category : security

United Nations Security Flaw Exposed 100K Staff Records


Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.


Security researchers have disclosed a vulnerability they exploited to access at least 100,000 private records belonging to employees of the United Nations Environmental Programme (UNEP).
Jackson Henry, John Jackson, Nick Sahler, and Aubrey Cottle, a team with security research group Sakura Samurai, discovered the flaw while looking for bugs affecting UN systems, Bleeping Computer reports. They found exposed Git directories and Git credential files on domains connected to both the UNEP and the UN International Labour Organization (ILO); they were able to dump the contents of these files and clone repositories.
The Git directory held sensitive files, including WordPress configuration files containing admin database credentials. These credentials gave the team access to at least 100,000 UN employee records from multiple systems. Exfiltrated data included employee ID, name, employee group, travel justification, start and end dates, approval status, destination, and the length of stay.
Researchers were also able to access more UN databases containing generalized employee records, employee evaluation reports, project funding source records, and human resources demographic data, including nationality, gender, and pay grade, for thousands of UN workers. 
The researchers say the issue has now been addressed. Read the full findings
here
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
United Nations Security Flaw Exposed 100K Staff Records