CVE-2022-23463

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nepxion:discovery:*:*:*:*:*:spring_cloud:*:*

History

No history.

Information

Published : 2022-09-24 05:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-23463

Mitre link : CVE-2022-23463

CVE.ORG link : CVE-2022-23463

JSON object : View

Products Affected

nepxion

discovery

CWE

CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

{"id": "CVE-2022-23463", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 3.9}]}, "published": "2022-09-24T05:15:08.610", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-917"}]}], "descriptions": [{"lang": "en", "value": "Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver\u2019s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds."}, {"lang": "es", "value": "Nepxion Discovery es una soluci\u00f3n para Spring Cloud. Discover es vulnerable a una inyecci\u00f3n de SpEL en discovery-commons. El m\u00e9todo eval de DiscoveryExpressionResolver eval\u00faa la expresi\u00f3n con un StandardEvaluationContext, permitiendo a la expresi\u00f3n alcanzar e interactuar con clases Java como java.lang.Runtime, conllevando a una ejecuci\u00f3n de c\u00f3digo remota. No se presenta ning\u00fan parche disponible para este problema en el momento de la publicaci\u00f3n. No se presentan mitigaciones conocidas.\n"}], "lastModified": "2022-09-28T15:36:09.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nepxion:discovery:*:*:*:*:*:spring_cloud:*:*", "vulnerable": true, "matchCriteriaId": "E03F780C-9027-47FD-9114-495628B1CF42", "versionEndIncluding": "6.16.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}