Security Bulletin – Rego SAAS not impacted by CVE-2024-3094 vulnerability

Rego is dedicated to protecting and securing your data stored in Clarity, hosted by Rego on Amazon Web Services. 

We have confirmed that the CVE-2024-3098 vulnerability and related exploits do not impact Rego AWS SAAS.

What is CVE-2024-3094 vulnerability?

CVE-2024-3094 is a critical vulnerability in xz’s liblzma, versions 5.6.0 and 5.6.1, allowing remote code execution (RCE) by bypassing SSH authentication. Discovered in upstream tarballs, it involves complex obfuscations to inject malicious code during the build process, modifying liblzma functions. This backdoor can intercept and alter data interactions with any linked software.

If you have any questions or concerns, please do not hesitate to contact our Rego SaaS support team at SaaSSupportTeam@regoconsulting.com. 

 Thank you for your understanding and cooperation as we work to improve our services. 

Sincerely, 

Rego SaaS Support Team