Security: Insufficient validation on Java Version setting. #464
Labels
bug
core
promoted
reproducable
Issues that can be reproduced by developers
security
For issues that present security issues.
Projects
This was originally reported to us privately by Joel Frederick-Lewis - CVE-2021-34539
This issue exists for record keeping and disclosure purposes.
Bug Report
System Information
I confirm:
Symptoms
The 'Java Version' setting within AMP doesn't validate its setting in the way you'd expect for a potentially sensitive setting. AMP could be tricked by a malicious user (albeit one who already has a high level of access to the system) into running code that it shouldn't.
Reproduction
Alter the path to Java by using the Inspect Element tool in a browser for a given setting.
Notes
Because of the authentication and permissions requirements (users with this combination would reasonably be expected to have a high level of access to the host) this is regarded as a low risk, but potentially high impact issue. Instances running inside Docker aren't affected in the same way since they would not affect the host system.
The issue was reported on 10/06/2021 and a fix was released the same day.
The text was updated successfully, but these errors were encountered: