PT-2022-13603 · Okta · Okta Advanced Server Access Client

David Russell +1 · Published 2022-03-23 · Updated 2023-08-08 · CVE-2022-1030

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Okta Advanced Server Access Client for Linux and macOS versions prior to 1.58.0

Description: The issue allows for command injection via a specially crafted URL. An attacker with knowledge of a valid team name for the victim and a valid target host where the user has access can execute commands on the local system.

Recommendations: For versions prior to 1.58.0, update to version 1.58.0 or later to resolve the issue. As a temporary workaround, consider restricting access to specially crafted URLs to minimize the risk of exploitation.

Fix

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2022-1030

Affected Products: Okta Advanced Server Access Client