Okta · Okta Advanced Server Access Client · CVE-2022-1030
**Name of the Vulnerable Software and Affected Versions**
Okta Advanced Server Access Client for Linux and macOS versions prior to 1.58.0
**Description**
The issue allows command injection via a specially crafted URL. An attacker who knows a valid team name for the victim and a valid target host to which the victim has access can execute commands on the local system.
**Recommendations**
Update any version prior to 1.58.0 to version 1.58.0 or later to resolve the issue. As a temporary workaround, consider restricting access to specially crafted URLs to minimize the risk of exploitation.