Impact
Plugins-related task handlers do not correctly verify the caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance.
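The root cause described above is an authorization check that is too coarse: the handlers that install plugins only confirm that the caller may enter the admin area, not that the caller is allowed to change installed code. The following is an added illustration of that pattern and its fix; it is not the affected project's code, and the task names and the `admin.plugins` permission are invented for the example (only `admin.login` comes from the advisory).

```python
"""Hypothetical task dispatcher showing a coarse 'admin.login' gate applied to
every task handler, next to a dispatcher that checks a per-task permission.
Added example; the task names and 'admin.plugins' are made up for illustration."""

from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)

    def can(self, permission: str) -> bool:
        return permission in self.permissions


# Assumed mapping from task name to the permission actually needed to run it.
# 'admin.login' only grants entry to the admin area; installing or removing
# code needs a narrower, separately granted capability (hypothetical name).
TASK_PERMISSIONS = {
    "admin.dashboard": "admin.login",
    "plugin.install": "admin.plugins",
    "plugin.remove": "admin.plugins",
}


def dispatch_vulnerable(user: User, task: str) -> str:
    """Before the fix: one gate for every handler, so any logged-in admin-area
    user reaches the plugin installer."""
    if not user.can("admin.login"):
        raise PermissionError("not allowed into the admin area")
    return f"ran {task}"


def dispatch_fixed(user: User, task: str) -> str:
    """After the fix: the area gate still applies, then each task requires its
    own permission, and a task with no mapping is denied by default."""
    if not user.can("admin.login"):
        raise PermissionError("not allowed into the admin area")
    required = TASK_PERMISSIONS.get(task)
    if required is None or not user.can(required):
        raise PermissionError(f"{user.name} may not run {task}")
    return f"ran {task}"


def allowed(dispatcher, user: User, task: str) -> bool:
    """True if the dispatcher lets the user run the task, False if it refuses."""
    try:
        dispatcher(user, task)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed sample accounts for the demonstration.
    viewer = User("viewer", {"admin.login"})
    plugin_admin = User("plugin_admin", {"admin.login", "admin.plugins"})
    for dispatcher in (dispatch_vulnerable, dispatch_fixed):
        for user in (viewer, plugin_admin):
            print(dispatcher.__name__, user.name, "plugin.install",
                  allowed(dispatcher, user, "plugin.install"))
```

The deny-by-default branch for tasks missing from `TASK_PERMISSIONS` is the detail worth copying: a new handler added later without a permission entry fails closed instead of silently inheriting the coarse gate.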
Patches
The vulnerability has been addressed by improving the authorization checks on task handlers.
Workarounds
Blocking access to the /admin path from untrusted sources will reduce the probability of exploitation.
References
For more information
If you have any questions or comments about this advisory, you can contact:
- The original reporters, by sending an email to vulnerability.research [at] sonarsource.com;
- The maintainers, by opening an issue on this repository.