CVE-2023-49113 - OpenCVE

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file "lib.engine/insight/optimyth-insight.jar" contains the file "InsightServicesConfig.properties", which has the configuration tokens "insight.github.user" as well as "insight.github.password" prefilled with credentials. At least the specified username corresponds to a valid GitHub account. The JAR file "lib.engine/insight/optimyth-insight.jar" also contains the file "es/als/security/Encryptor.properties", in which the key used for encrypting the results of any performed scan. This issue affects Kiuwan SAST: <master.1808.p685.q13371

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://r.sec-consult.com/kiuwan
https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log

History

No history.

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published: 2024-06-20T12:39:00.966Z

Updated: 2024-08-02T21:46:29.159Z

Reserved: 2023-11-22T11:08:37.654Z

Link: CVE-2023-49113

Vulnrichment

Updated: 2024-08-02T21:46:29.159Z

NVD

Status : Awaiting Analysis

Published: 2024-06-20T13:15:49.560

Modified: 2024-07-03T01:42:27.633

Link: CVE-2023-49113

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49113", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2023-11-22T11:08:37.654Z", "datePublished": "2024-06-20T12:39:00.966Z", "dateUpdated": "2024-08-02T21:46:29.159Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SAST Local Analyzer", "vendor": "Kiuwan", "versions": [{"status": "affected", "version": "<master.1808.p685.q13371", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Constantin Schwarz"}, {"lang": "en", "type": "coordinator", "value": "Johannes Greil"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><p></p><p></p><p></p><p>The Kiuwan Local Analyzer (KLA) Java scanning application contains several \nhard-coded secrets in plain text format. In some cases, this can \npotentially compromise the confidentiality of the scan results. <span style=\"background-color: var(--wht);\">Several credentials were found in the JAR files of the Kiuwan Local Analyzer.</span></p><span style=\"background-color: var(--wht);\">The\n JAR file \"lib.engine/insight/optimyth-insight.jar\" contains the file \n\"InsightServicesConfig.properties\", which has the configuration tokens \n\"insight.github.user\" as well as \"insight.github.password\" prefilled \nwith credentials. At least the specified username corresponds to a valid\n GitHub account. </span><span style=\"background-color: var(--wht);\">The\n JAR file \"lib.engine/insight/optimyth-insight.jar\" also contains the \nfile \"es/als/security/Encryptor.properties\", in which the key used for \nencrypting the results of any performed scan.</span><br><p></p><p></p><p>This issue affects Kiuwan SAST: <master.1808.p685.q13371</p>"}], "value": "The Kiuwan Local Analyzer (KLA) Java scanning application contains several \nhard-coded secrets in plain text format. In some cases, this can \npotentially compromise the confidentiality of the scan results.\u00a0Several credentials were found in the JAR files of the Kiuwan Local Analyzer.\n\nThe\n JAR file \"lib.engine/insight/optimyth-insight.jar\" contains the file \n\"InsightServicesConfig.properties\", which has the configuration tokens \n\"insight.github.user\" as well as \"insight.github.password\" prefilled \nwith credentials. At least the specified username corresponds to a valid\n GitHub account.\u00a0The\n JAR file \"lib.engine/insight/optimyth-insight.jar\" also contains the \nfile \"es/als/security/Encryptor.properties\", in which the key used for \nencrypting the results of any performed scan.\n\n\n\n\nThis issue affects Kiuwan SAST: <master.1808.p685.q13371"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-06-20T12:39:00.966Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://r.sec-consult.com/kiuwan"}, {"tags": ["release-notes"], "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\">https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log</a></p><ul><li>XML External Entity Injection => CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06</li><li>Services Running as Root => is SAS-6856 and SAS-6857 fixed on release 2024-05-15</li><li>Reflected Cross-site-scripting => CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06</li><li>Insecure Direct Object Reference => CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06</li><li>Sensitive Data Stored Insecurely => CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06</li></ul><p><br> The following upgrade guide was provided by the vendor:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\">https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide</a></p><p><br>\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.</p><p>SEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.</p><ul><li>Sensitive Data Stored Insecurely for MySQL</li><li>Sensitive Data displayed for wildfly</li><li>Containers Running as root User</li><li>Containers running in the host network</li><li>Exposure of Internal Services</li></ul><br>"}], "value": "The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\n\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \n\n * XML External Entity Injection => CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\n * Services Running as Root => is SAS-6856 and SAS-6857 fixed on release 2024-05-15\n * Reflected Cross-site-scripting => CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\n * Insecure Direct Object Reference => CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\n * Sensitive Data Stored Insecurely => CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\n\n\n\n The following upgrade guide was provided by the vendor:\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \n\n\n\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\n\nSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\n\n * Sensitive Data Stored Insecurely for MySQL\n * Sensitive Data displayed for wildfly\n * Containers Running as root User\n * Containers running in the host network\n * Exposure of Internal Services"}], "source": {"discovery": "UNKNOWN"}, "title": "Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "kiuwan", "product": "local_analyzer", "cpes": ["cpe:2.3:a:kiuwan:local_analyzer:0:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "lessThan": "master.1808.p685.q13371", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T18:53:04.100218Z", "id": "CVE-2023-49113", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:05:57.614Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.159Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://r.sec-consult.com/kiuwan"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://r.sec-consult.com/kiuwan", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log", "tags": ["release-notes", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.159Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-49113", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-20T18:53:04.100218Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:kiuwan:local_analyzer:0:*:*:*:*:*:*:*"], "vendor": "kiuwan", "product": "local_analyzer", "versions": [{"status": "affected", "version": "0", "lessThan": "master.1808.p685.q13371", "versionType": "custom"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:02:13.163Z"}}], "cna": {"title": "Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Constantin Schwarz"}, {"lang": "en", "type": "coordinator", "value": "Johannes Greil"}], "affected": [{"vendor": "Kiuwan", "product": "SAST Local Analyzer", "versions": [{"status": "affected", "version": "<master.1808.p685.q13371", "versionType": "custom"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\n\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \n\n * XML External Entity Injection => CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\n * Services Running as Root => is SAS-6856 and SAS-6857 fixed on release 2024-05-15\n * Reflected Cross-site-scripting => CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\n * Insecure Direct Object Reference => CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\n * Sensitive Data Stored Insecurely => CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\n\n\n\n The following upgrade guide was provided by the vendor:\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \n\n\n\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\n\nSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\n\n * Sensitive Data Stored Insecurely for MySQL\n * Sensitive Data displayed for wildfly\n * Containers Running as root User\n * Containers running in the host network\n * Exposure of Internal Services", "supportingMedia": [{"type": "text/html", "value": "<p>The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\">https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log</a></p><ul><li>XML External Entity Injection => CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06</li><li>Services Running as Root => is SAS-6856 and SAS-6857 fixed on release 2024-05-15</li><li>Reflected Cross-site-scripting => CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06</li><li>Insecure Direct Object Reference => CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06</li><li>Sensitive Data Stored Insecurely => CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06</li></ul><p><br> The following upgrade guide was provided by the vendor:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\">https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide</a></p><p><br>\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.</p><p>SEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.</p><ul><li>Sensitive Data Stored Insecurely for MySQL</li><li>Sensitive Data displayed for wildfly</li><li>Containers Running as root User</li><li>Containers running in the host network</li><li>Exposure of Internal Services</li></ul><br>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/kiuwan", "tags": ["third-party-advisory"]}, {"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The Kiuwan Local Analyzer (KLA) Java scanning application contains several \nhard-coded secrets in plain text format. In some cases, this can \npotentially compromise the confidentiality of the scan results.\u00a0Several credentials were found in the JAR files of the Kiuwan Local Analyzer.\n\nThe\n JAR file \"lib.engine/insight/optimyth-insight.jar\" contains the file \n\"InsightServicesConfig.properties\", which has the configuration tokens \n\"insight.github.user\" as well as \"insight.github.password\" prefilled \nwith credentials. At least the specified username corresponds to a valid\n GitHub account.\u00a0The\n JAR file \"lib.engine/insight/optimyth-insight.jar\" also contains the \nfile \"es/als/security/Encryptor.properties\", in which the key used for \nencrypting the results of any performed scan.\n\n\n\n\nThis issue affects Kiuwan SAST: <master.1808.p685.q13371", "supportingMedia": [{"type": "text/html", "value": "<p></p><p></p><p></p><p></p><p>The Kiuwan Local Analyzer (KLA) Java scanning application contains several \nhard-coded secrets in plain text format. In some cases, this can \npotentially compromise the confidentiality of the scan results. <span style=\"background-color: var(--wht);\">Several credentials were found in the JAR files of the Kiuwan Local Analyzer.</span></p><span style=\"background-color: var(--wht);\">The\n JAR file \"lib.engine/insight/optimyth-insight.jar\" contains the file \n\"InsightServicesConfig.properties\", which has the configuration tokens \n\"insight.github.user\" as well as \"insight.github.password\" prefilled \nwith credentials. At least the specified username corresponds to a valid\n GitHub account. </span><span style=\"background-color: var(--wht);\">The\n JAR file \"lib.engine/insight/optimyth-insight.jar\" also contains the \nfile \"es/als/security/Encryptor.properties\", in which the key used for \nencrypting the results of any performed scan.</span><br><p></p><p></p><p>This issue affects Kiuwan SAST: <master.1808.p685.q13371</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-06-20T12:39:00.966Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49113", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:46:29.159Z", "dateReserved": "2023-11-22T11:08:37.654Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2024-06-20T12:39:00.966Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Kiuwan Local Analyzer (KLA) Java scanning application contains several \nhard-coded secrets in plain text format. In some cases, this can \npotentially compromise the confidentiality of the scan results.\u00a0Several credentials were found in the JAR files of the Kiuwan Local Analyzer.\n\nThe\n JAR file \"lib.engine/insight/optimyth-insight.jar\" contains the file \n\"InsightServicesConfig.properties\", which has the configuration tokens \n\"insight.github.user\" as well as \"insight.github.password\" prefilled \nwith credentials. At least the specified username corresponds to a valid\n GitHub account.\u00a0The\n JAR file \"lib.engine/insight/optimyth-insight.jar\" also contains the \nfile \"es/als/security/Encryptor.properties\", in which the key used for \nencrypting the results of any performed scan.\n\n\n\n\nThis issue affects Kiuwan SAST: <master.1808.p685.q13371"}, {"lang": "es", "value": "La aplicaci\u00f3n de escaneo Java Kiuwan Local Analyzer (KLA) contiene varios secretos codificados en formato de texto plano. En algunos casos, esto puede comprometer potencialmente la confidencialidad de los resultados del an\u00e1lisis. Se encontraron varias credenciales en los archivos JAR del Kiuwan Local Analyzer. El archivo JAR \"lib.engine/insight/optimyth-insight.jar\" contiene el archivo \"InsightServicesConfig.properties\", que tiene los tokens de configuraci\u00f3n \"insight.github.user\" y \"insight.github.password\" precargados con credenciales. . Al menos el nombre de usuario especificado corresponde a una cuenta de GitHub v\u00e1lida. El archivo JAR \"lib.engine/insight/optimyth-insight.jar\" tambi\u00e9n contiene el archivo \"es/als/security/Encryptor.properties\", en el que se encuentra la clave utilizada para cifrar los resultados de cualquier an\u00e1lisis realizado. Este problema afecta a Kiuwan SAST: "}], "id": "CVE-2023-49113", "lastModified": "2024-07-03T01:42:27.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-20T13:15:49.560", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/kiuwan"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}