CVE-2022-43416

HIGH8.8EPSS 2.7%

Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure

發布日:2022/10/19修改日:2024/2/16

描述

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments. It allows attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments. Attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) can invoke arbitrary OS commands. Katalon Plugin 1.0.33 changes the message type to controller-to-agent, preventing execution on the controller.

受影響套件(1)

Maven/org.jenkins-ci.plugins:katalonfrom 0, < 1.0.33

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-43416
WEBhttps://github.com/jenkinsci/katalon-plugin/commit/0ee4b34afdcba367b547aa0a706cb1c66ac9f45a
WEBhttps://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844
WEBhttp://www.openwall.com/lists/oss-security/2022/10/19/3