CVE-2022-43416

{"id": "CVE-2022-43416", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-10-19T16:15:11.000", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "jenkinsci-cert@googlegroups.com"}, {"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands."}, {"lang": "es", "value": "Jenkins Katalon Plugin versiones 1.0.32 y anteriores, implementa un mensaje agent/controller que no limita d\u00f3nde puede ser ejecutado y permite invocar Katalon con argumentos configurables, permitiendo a atacantes capaces de controlar los procesos del agente invocar Katalon en el controlador de Jenkins con la versi\u00f3n, ubicaci\u00f3n de instalaci\u00f3n y argumentos controlados por el atacante, y a atacantes adicionalmente capaces de crear archivos en el controlador de Jenkins (por ejemplo, los atacantes con permiso de Item/Configure podr\u00edan archivar artefactos) para invocar comandos arbitrarios del Sistema Operativo"}], "lastModified": "2023-11-01T20:43:35.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:katalon:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "68F6AFE5-0106-479D-9C4A-2AB6BB5C6596", "versionEndExcluding": "1.0.33"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "vulnerable": false, "matchCriteriaId": "988C6F39-A7CD-4CF3-8E38-A0179F078528", "versionEndIncluding": "2.303.2"}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "vulnerable": false, "matchCriteriaId": "F7399F73-979B-4229-A283-53BFB4C6A768", "versionEndIncluding": "2.318"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}