Multiple vulnerabilities in Jenkins Katalon plugin



Published: 2022-10-21
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2022-43416, CVE-2022-43419, CVE-2022-43417
CWE-ID: CWE-254, CWE-312, CWE-862
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Katalon (Web applications / Modules and components for CMS)
Vendor: Jenkins

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU68565

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43416

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security features.

The vulnerability exists due to an agent-to-controller security bypass in the affected plugin. A remote user can bypass security restrictions and execute arbitrary OS commands.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Katalon: 1.0.0 - 1.0.32

External links

http://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844
http://www.openwall.com/lists/oss-security/2022/10/19/3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cleartext storage of sensitive information

EUVDB-ID: #VU68568

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43419

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected plugin stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. A remote user can view these API keys.
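A defender-side check for this class of issue, added here as an example and not code from the plugin or the bulletin: walk a job config.xml and flag secret-looking elements whose value is not in Jenkins' encrypted `{base64}` form. The builder element name and the `<apiKey>` tag in the sample are assumed stand-ins, since the bulletin does not name the plugin's serialized fields; point the scanner at `$JENKINS_HOME/jobs/*/config.xml` on the controller to run it against real data.

```python
import re
import xml.etree.ElementTree as ET
from typing import List

# Element names that usually hold secrets (matched case-insensitively on the tag).
SECRET_TAG = re.compile(r"(apikey|api_key|token|password|secret)", re.IGNORECASE)
# Jenkins serializes hudson.util.Secret values as "{<base64>}" once encrypted;
# anything else in a secret-looking element is stored in cleartext.
ENCRYPTED_VALUE = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

def find_cleartext_secrets(config_xml: str) -> List[str]:
    """Return slash-joined element paths of secret-looking elements whose text is
    not in the encrypted "{...}" form. Values themselves are never returned."""
    root = ET.fromstring(config_xml)
    findings: List[str] = []

    def walk(elem: ET.Element, path: str) -> None:
        here = f"{path}/{elem.tag}"
        text = (elem.text or "").strip()
        if SECRET_TAG.search(elem.tag) and text and not ENCRYPTED_VALUE.match(text):
            findings.append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return findings

# Constructed sample job config.xml. The builder class names, the <apiKey> tag
# and both values are hypothetical; the encrypted blob is not a real Jenkins secret.
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8"?>
<project>
  <builders>
    <com.example.katalon.KatalonBuilder>
      <version>8.0.0</version>
      <apiKey>CONSTRUCTED-PLAINTEXT-KEY-12345</apiKey>
    </com.example.katalon.KatalonBuilder>
    <com.example.other.OtherBuilder>
      <password>{AQAAABAAAAAwConstructedEncryptedBlob==}</password>
    </com.example.other.OtherBuilder>
  </builders>
</project>
"""

if __name__ == "__main__":
    # Only the path is printed, so the scan output does not leak the secret itself.
    for path in find_cleartext_secrets(SAMPLE_CONFIG_XML):
        print(f"cleartext secret at {path}")
```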

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Katalon: 1.0.0 - 1.0.32

External links

http://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846
http://www.openwall.com/lists/oss-security/2022/10/19/3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing Authorization

EUVDB-ID: #VU68566

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43417

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the affected plugin does not perform permission checks in several HTTP endpoints. A remote user can connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method and capture credentials stored in Jenkins.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Katalon: 1.0.0 - 1.0.32

External links

http://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(1)
http://www.openwall.com/lists/oss-security/2022/10/19/3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.