Security: Insufficient validation on Java Version setting. #464

Closed
3 tasks done
PhonicUK opened this issue Jun 10, 2021 · 2 comments
Labels: bug, core, promoted, reproducable (Issues that can be reproduced by developers), security (For issues that present security issues.)

PhonicUK commented Jun 10, 2021

This was originally reported to us privately by Joel Frederick-Lewis - CVE-2021-34539
This issue exists for record keeping and disclosure purposes.

Bug Report

System Information

  • Windows, Linux
  • 10/06/2021 B2
  • Development

I confirm:

  • that I have searched for an existing bug report for this issue.
  • that I am using the latest available version of AMP.
  • that my operating system is up-to-date.

Symptoms

The 'Java Version' setting within AMP doesn't validate its setting in the way you'd expect for a potentially sensitive setting. AMP could be tricked by a malicious user (albeit one who already has a high level of access to the system) into running code that it shouldn't.

Reproduction

Alter the path to Java by using the Inspect Element tool in a browser for a given setting.

Notes

Because of the authentication and permissions requirements (users with this combination would reasonably be expected to have a high level of access to the host) this is regarded as a low risk, but potentially high impact issue. Instances running inside Docker aren't affected in the same way since they would not affect the host system.

The issue was reported on 10/06/2021 and a fix was released the same day.

PhonicUK added the bug, promoted, core, reproducable and security labels Jun 10, 2021
PhonicUK self-assigned this Jun 10, 2021
PhonicUK added this to Needs triage in AMP Core via automation Jun 10, 2021
PhonicUK commented

Fixed in 2.1.1.8.

AMP Core automation moved this from Needs triage to Closed Jun 10, 2021
PhonicUK commented

This issue was assigned CVE-2021-34539
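
An added example, not AMP's code and not the fix shipped in 2.1.1.8 (the issue does not describe it): one way a server can re-validate a dropdown-style path setting so that a value edited in the browser is rejected. The function names, the constructed temp-directory layout and the allowlist approach are assumptions for illustration.

```python
import os
import stat
import tempfile


class SettingRejected(ValueError):
    """The submitted value is not one the server itself offered."""


def build_allowlist(candidates):
    """Canonical paths of runtimes the server found on disk by itself."""
    allowed = set()
    for path in candidates:
        real = os.path.realpath(path)
        if os.path.isfile(real) and os.access(real, os.X_OK):
            allowed.add(real)
    return allowed


def validate_java_setting(submitted, allowlist):
    """Return the canonical runtime path or raise SettingRejected.

    The browser's dropdown is only a hint: the request body can carry any
    string, so the check is repeated here against server-side state.
    """
    if not isinstance(submitted, str) or "\x00" in submitted:
        raise SettingRejected("malformed value")
    if not os.path.isabs(submitted):
        raise SettingRejected("relative paths are never offered")
    real = os.path.realpath(submitted)  # collapses ../ and symlinks
    if real not in allowlist:
        raise SettingRejected("value was not offered by the server")
    return real


def make_demo_tree():
    """Constructed sample layout: two fake runtimes and one unrelated program."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="java-setting-demo-"))
    paths = {}
    for name in ("jdk-11/bin/java", "jdk-17/bin/java", "uploads/tool"):
        full = os.path.join(root, name)
        os.makedirs(os.path.dirname(full))
        with open(full, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(full, stat.S_IRWXU)
        paths[name] = full
    allowlist = build_allowlist([paths["jdk-11/bin/java"], paths["jdk-17/bin/java"]])
    return root, paths, allowlist
```

Having the client submit an opaque identifier for each discovered runtime, which the server maps to a path, avoids accepting paths from the client at all.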
