Overview
- Description
- In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.4 Background info: Log in to Streampark using the default username (e.g. test1, test2, test3) and the default password (streampark). Navigate to the Project module, then add a new project. Enter the git repository address of the project and input `touch /tmp/success_2.1.2` as the "Build Argument". Note that there is no verification and interception of the special character "`". As a result, you will find that this injection command will be successfully executed after executing the build. In the latest version, the special symbol ` is intercepted.
- Source
- security@apache.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.7
- Impact score
- 3.4
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
Weaknesses
- security@apache.org
- CWE-77
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA1D77DB-B854-44DA-9749-A3F326BD4D06",
"versionEndExcluding": "2.1.4",
"versionStartIncluding": "2.0.0"
}
],
"operator": "OR"
}
]
}
]