CVE-2022-25842 - OpenCVE

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Alibabagroup	One-java-agent

Configuration 1 [-]

cpe:2.3:a:alibabagroup:one-java-agent:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java	Exploit Third Party Advisory
https://github.com/alibaba/one-java-agent/pull/29	Patch Third Party Advisory
https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf	Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2022-05-01T00:00:00

Updated: 2022-05-01T15:25:39

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25842

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-01T16:15:08.710

Modified: 2022-05-11T16:40:22.667

Link: CVE-2022-25842

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "com.alibaba.oneagent:one-java-agent-plugin", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Akhil Jain"}], "datePublic": "2022-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L/E:P", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Arbitrary File Write via Archive Extraction (Zip Slip)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-01T15:25:39", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/alibaba/one-java-agent/pull/29"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"}], "title": "Arbitrary File Write via Archive Extraction (Zip Slip)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-05-01T15:20:07.391520Z", "ID": "CVE-2022-25842", "STATE": "PUBLIC", "TITLE": "Arbitrary File Write via Archive Extraction (Zip Slip)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "com.alibaba.oneagent:one-java-agent-plugin", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Akhil Jain"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L/E:P", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary File Write via Archive Extraction (Zip Slip)"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"}, {"name": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java", "refsource": "MISC", "url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"}, {"name": "https://github.com/alibaba/one-java-agent/pull/29", "refsource": "MISC", "url": "https://github.com/alibaba/one-java-agent/pull/29"}, {"name": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf", "refsource": "MISC", "url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-25842", "datePublished": "2022-05-01T00:00:00", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2022-05-01T15:25:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alibabagroup:one-java-agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D0517CE-B63F-4968-B9B0-5EEC9784C072", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine."}, {"lang": "es", "value": "Todas las versiones del paquete com.alibaba.oneagent:one-java-agent-plugin son vulnerables a una Escritura Arbitraria de Archivos por medio de la Extracci\u00f3n de Archivos (Zip Slip) usando un archivo especialmente dise\u00f1ado que contenga nombres de archivos para saltar directorios (por ejemplo ../../evil.exe). El atacante puede sobrescribir los archivos ejecutables e invocarlos remotamente o esperar a que el sistema o el usuario los llame, logrando as\u00ed la ejecuci\u00f3n de comandos remota en la m\u00e1quina de la v\u00edctima"}], "id": "CVE-2022-25842", "lastModified": "2022-05-11T16:40:22.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2022-05-01T16:15:08.710", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/pull/29"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}