CVE-2022-43416 – org.jenkins-ci.plugins:katalon

Package

Manager: maven
Name: org.jenkins-ci.plugins:katalon
Vulnerable Version: >=0 <1.0.33

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00512 pctl0.65485

Details

Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments. It allows attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments. Attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) can invoke arbitrary OS commands. Katalon Plugin 1.0.33 changes the message type to controller-to-agent, preventing execution on the controller.

Metadata

Created: 2022-10-19T19:00:18Z
Modified: 2023-10-27T20:55:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-q6f6-6c4p-xph4/GHSA-q6f6-6c4p-xph4.json
CWE IDs: ["CWE-693"]
Alternative ID: GHSA-q6f6-6c4p-xph4
Finding: F115
Auto approve: 1