cnvd - cnvd-2020-51560

CNVD-2020-51560

Vulnerability from cnvd - Published: 2020-09-11

Title

VMware Spring Batch代码执行漏洞

Description

VMware Spring Batch是美国威睿（VMware）公司的一款用于大量数据并行处理的轻量级框架。 VMware Spring Batch 4.0.0版本至4.0.4版本、4.1.0版本至4.1.4版本和4.2.0版本至4.2.2版本中的Jackson配置存在代码执行漏洞，攻击者可利用该漏洞执行任意代码。

Severity

中

Patch Name

VMware Spring Batch代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tanzu.vmware.com/security/cve-2020-5411

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-5411

Impacted products

Name
['VMware Spring Batch >=4.0.0，<=4.0.4', 'VMware Spring Batch >=4.1.0，<=4.1.4', 'VMware Spring Batch >=4.2.0，<=4.2.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5411"
    }
  },
  "description": "VMware Spring Batch\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u5927\u91cf\u6570\u636e\u5e76\u884c\u5904\u7406\u7684\u8f7b\u91cf\u7ea7\u6846\u67b6\u3002\n\nVMware Spring Batch 4.0.0\u7248\u672c\u81f34.0.4\u7248\u672c\u30014.1.0\u7248\u672c\u81f34.1.4\u7248\u672c\u548c4.2.0\u7248\u672c\u81f34.2.2\u7248\u672c\u4e2d\u7684Jackson\u914d\u7f6e\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tanzu.vmware.com/security/cve-2020-5411",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-51560",
  "openTime": "2020-09-11",
  "patchDescription": "VMware Spring Batch\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u5927\u91cf\u6570\u636e\u5e76\u884c\u5904\u7406\u7684\u8f7b\u91cf\u7ea7\u6846\u67b6\u3002\r\n\r\nVMware Spring Batch 4.0.0\u7248\u672c\u81f34.0.4\u7248\u672c\u30014.1.0\u7248\u672c\u81f34.1.4\u7248\u672c\u548c4.2.0\u7248\u672c\u81f34.2.2\u7248\u672c\u4e2d\u7684Jackson\u914d\u7f6e\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware Spring Batch\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware Spring Batch \u003e=4.0.0\uff0c\u003c=4.0.4",
      "VMware Spring Batch \u003e=4.1.0\uff0c\u003c=4.1.4",
      "VMware Spring Batch \u003e=4.2.0\uff0c\u003c=4.2.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-5411",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-12",
  "title": "VMware Spring Batch\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2020-5411 (GCVE-0-2020-5411)

Vulnerability from cvelistv5 – Published: 2020-06-11 17:00 – Updated: 2024-09-17 01:46

Summary

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown "deserialization gadgets" when enabling default typing.

Severity ?

No CVSS data available.

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

pivotal

References

URL

Tags

https://tanzu.vmware.com/security/cve-2020-5411

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Spring by VMware	Spring Batch	Affected: 4 , < 4.2.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:23.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2020-5411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Batch",
          "vendor": "Spring by VMware",
          "versions": [
            {
              "lessThan": "4.2.3",
              "status": "affected",
              "version": "4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known \"deserialization gadgets\". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch\u0027s Jackson support is being leveraged to serialize a job\u0027s ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown \"deserialization gadgets\" when enabling default typing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-11T17:00:16",
        "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "shortName": "pivotal"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tanzu.vmware.com/security/cve-2020-5411"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jackson Configuration Allows Code Execution with Unknown \"Serialization Gadgets\"",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "DATE_PUBLIC": "2020-06-11T00:00:00.000Z",
          "ID": "CVE-2020-5411",
          "STATE": "PUBLIC",
          "TITLE": "Jackson Configuration Allows Code Execution with Unknown \"Serialization Gadgets\""
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Batch",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4",
                            "version_value": "4.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring by VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known \"deserialization gadgets\". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch\u0027s Jackson support is being leveraged to serialize a job\u0027s ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown \"deserialization gadgets\" when enabling default typing."
            }
          ]
        },
        "impact": null,
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502: Deserialization of Untrusted Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tanzu.vmware.com/security/cve-2020-5411",
              "refsource": "CONFIRM",
              "url": "https://tanzu.vmware.com/security/cve-2020-5411"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
    "assignerShortName": "pivotal",
    "cveId": "CVE-2020-5411",
    "datePublished": "2020-06-11T17:00:16.564695Z",
    "dateReserved": "2020-01-03T00:00:00",
    "dateUpdated": "2024-09-17T01:46:53.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-51560

CVE-2020-5411 (GCVE-0-2020-5411)

Tags

Sightings

Nomenclature