OpenCVE

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jenkins	Jenkins Katalon

Configuration 1 [-]

AND

cpe:2.3:a:jenkins:katalon:*:*:*:*:*:jenkins:*:*

OR	cpe:2.3:a:jenkins:jenkins:::::lts:::*
	cpe:2.3:a:jenkins:jenkins:::::-:::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844

History

No history.

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2022-10-19T00:00:00

Updated: 2024-08-03T13:32:57.375Z

Reserved: 2022-10-18T00:00:00

Link: CVE-2022-43416

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-19T16:15:11.000

Modified: 2024-11-21T07:26:26.453

Link: CVE-2022-43416

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:katalon:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "68F6AFE5-0106-479D-9C4A-2AB6BB5C6596", "versionEndExcluding": "1.0.33", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "988C6F39-A7CD-4CF3-8E38-A0179F078528", "versionEndIncluding": "2.303.2", "vulnerable": false}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "F7399F73-979B-4229-A283-53BFB4C6A768", "versionEndIncluding": "2.318", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands."}, {"lang": "es", "value": "Jenkins Katalon Plugin versiones 1.0.32 y anteriores, implementa un mensaje agent/controller que no limita d\u00f3nde puede ser ejecutado y permite invocar Katalon con argumentos configurables, permitiendo a atacantes capaces de controlar los procesos del agente invocar Katalon en el controlador de Jenkins con la versi\u00f3n, ubicaci\u00f3n de instalaci\u00f3n y argumentos controlados por el atacante, y a atacantes adicionalmente capaces de crear archivos en el controlador de Jenkins (por ejemplo, los atacantes con permiso de Item/Configure podr\u00edan archivar artefactos) para invocar comandos arbitrarios del Sistema Operativo"}], "id": "CVE-2022-43416", "lastModified": "2024-11-21T07:26:26.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-19T16:15:11.000", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}