Lucene search
PRIOn knowledge basePRION:CVE-2022-43416HistoryOct 19, 2022 - 4:15 p.m.
Design/Logic Flaw
2022-10-1916:15:00
PRIOn knowledge base
www.prio-n.com
jenkins katalon plugin
logic flaw
agent/controller message
jenkins controller
katalon
configurable arguments
attackers
arbitrary os commands
Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands.
Related
osv
osv
CVE-2022-43416
2022-10-19 16:15:11
Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure
2022-10-19 19:00:18
cve
cve
CVE-2022-43416
2022-10-19 16:15:11
nvd
nvd
CVE-2022-43416
2022-10-19 16:15:11
cvelist
cvelist
CVE-2022-43416
2022-10-19 00:00:00
github
github
Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure
2022-10-19 19:00:18
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-10-19)
2023-03-03 00:00:00