CVE-2021-32634 - OpenCVE

Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/WorkSpaceClientEnqueueAction.java) REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in version 6.5.0. As a workaround, one can disable network access to Emissary from untrusted sources.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nsa	Emissary

Configuration 1 [-]

cpe:2.3:a:nsa:emissary:6.4.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/NationalSecurityAgency/emissary/commit/40260b1ec1f76cc92361702cc14fa1e4388e19d7
https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-m5qf-gfmp-7638

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-05-21T17:15:11

Updated: 2024-08-03T23:25:30.885Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32634

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-21T18:15:08.550

Modified: 2021-05-27T22:37:37.647

Link: CVE-2021-32634

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "emissary", "vendor": "NationalSecurityAgency", "versions": [{"status": "affected", "version": "< 6.5.0"}]}], "descriptions": [{"lang": "en", "value": "Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/WorkSpaceClientEnqueueAction.java) REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in version 6.5.0. As a workaround, one can disable network access to Emissary from untrusted sources."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-21T17:15:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-m5qf-gfmp-7638"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/NationalSecurityAgency/emissary/commit/40260b1ec1f76cc92361702cc14fa1e4388e19d7"}], "source": {"advisory": "GHSA-m5qf-gfmp-7638", "discovery": "UNKNOWN"}, "title": "Deserialization of Untrusted Data in Emissary", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32634", "STATE": "PUBLIC", "TITLE": "Deserialization of Untrusted Data in Emissary"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "emissary", "version": {"version_data": [{"version_value": "< 6.5.0"}]}}]}, "vendor_name": "NationalSecurityAgency"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/WorkSpaceClientEnqueueAction.java) REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in version 6.5.0. As a workaround, one can disable network access to Emissary from untrusted sources."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-502: Deserialization of Untrusted Data"}]}]}, "references": {"reference_data": [{"name": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-m5qf-gfmp-7638", "refsource": "CONFIRM", "url": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-m5qf-gfmp-7638"}, {"name": "https://github.com/NationalSecurityAgency/emissary/commit/40260b1ec1f76cc92361702cc14fa1e4388e19d7", "refsource": "MISC", "url": "https://github.com/NationalSecurityAgency/emissary/commit/40260b1ec1f76cc92361702cc14fa1e4388e19d7"}]}, "source": {"advisory": "GHSA-m5qf-gfmp-7638", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:30.885Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-m5qf-gfmp-7638"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/NationalSecurityAgency/emissary/commit/40260b1ec1f76cc92361702cc14fa1e4388e19d7"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32634", "datePublished": "2021-05-21T17:15:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:30.885Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nsa:emissary:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF99ADFE-7A2E-49BF-A16B-432A085CDD46", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/WorkSpaceClientEnqueueAction.java) REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in version 6.5.0. As a workaround, one can disable network access to Emissary from untrusted sources."}, {"lang": "es", "value": "Emissary es un workflow framework distribuido, de igual a igual, basado en datos. Emissary versi\u00f3n 6.4.0, es vulnerable a una Deserializaci\u00f3n No Segura de peticiones post-autenticadas al Endpoint REST [\"WorkSpaceClientEnqueue.action\"] (https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/srvac/emisary/jamvc/internal/ WorkSpaceClientEnqueueAction.java) . Este problema puede conllevar a una Ejecuci\u00f3n de C\u00f3digo Remota posterior a la autenticaci\u00f3n. Este problema ha sido parcheado en versi\u00f3n 6.5.0. Como soluci\u00f3n alternativa, se puede deshabilitar el acceso a la red a Emissary desde fuentes no confiables"}], "id": "CVE-2021-32634", "lastModified": "2021-05-27T22:37:37.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-05-21T18:15:08.550", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NationalSecurityAgency/emissary/commit/40260b1ec1f76cc92361702cc14fa1e4388e19d7"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-m5qf-gfmp-7638"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security-advisories@github.com", "type": "Primary"}]}