GHSA-JC69-HJW2-FM86

Vulnerability from github – Published: 2022-10-12 18:23 – Updated: 2022-10-12 18:23
VLAI?
Summary
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
Details

Impact

A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback connection properties. In affected versions, the driver does not verify if a plugin class implements the expected interface before instantiatiaton. This can lead to loading of arbitrary Java classes, which a knowledgeable attacker with control over the JDBC URL can use to achieve remote code execution.

Patches

This issue is patched within redshift-jdbc-42 2.1.0.8 and above.

Workarounds

We advise customers using plugins to upgrade to redshift-jdbc42 version 2.1.0.8 or above. There are no known workarounds for this issue.

For more information

If you have any questions or comments about this advisory, please contact AWS Security at aws-security@amazon.com.

Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.amazon.redshift:redshift-jdbc42"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-12T18:23:36Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA potential remote command execution issue exists within `redshift-jdbc42` versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the `sslhostnameverifier`, `socketFactory`, `sslfactory`, and `sslpasswordcallback` connection properties. In affected versions, the driver does not verify if a plugin class implements the expected interface before instantiatiaton. This can lead to loading of arbitrary Java classes, which a knowledgeable attacker with control over the JDBC URL can use to achieve remote code execution.\n\n### Patches\n\nThis issue is patched within `redshift-jdbc-42` 2.1.0.8 and above.\n\n### Workarounds\n\nWe advise customers using plugins to upgrade to `redshift-jdbc42` version 2.1.0.8 or above. There are no known workarounds for this issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please contact AWS Security at [aws-security@amazon.com](mailto:aws-security@amazon.com).\n",
  "id": "GHSA-jc69-hjw2-fm86",
  "modified": "2022-10-12T18:23:36Z",
  "published": "2022-10-12T18:23:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41828"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aws/amazon-redshift-jdbc-driver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.