PT-2022-17170 · Bonitasoft · Bonita Web
David Yesland · Published 2022-05-24 · Updated 2025-12-03 · CVE-2022-25237
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bonita Web version 2021.2
Description
Bonita Web 2021.2 is affected by an authentication/authorization bypass due to an overly permissive exclusion pattern within the RestAPIAuthorizationFilter. Appending `;i18ntranslation` or `/../i18ntranslation/` to the end of a URL allows users without proper privileges to access privileged API endpoints. Exploiting privileged API actions can lead to remote code execution. Real-world exploitation of this issue has been observed, as demonstrated in a server compromise and a HackTheBox challenge (Meerkat/Sherlock). The exploitation involved credential stuffing and leveraging the vulnerability to gain root shell access.
API Endpoints: Affected API endpoints are accessible through URL manipulation.
Vulnerable Parameters or Variables: The URL itself is manipulated by appending `;i18ntranslation` or `/../i18ntranslation/`.
Recommendations
Bonita Web version 2021.2: Implement a more restrictive pattern for the RestAPIAuthorizationFilter to prevent unauthorized access to privileged API endpoints.
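A log check for the URL manipulation described above, added here as an example (not code from Bonitasoft or from this advisory): it scans web access logs for requests in which `i18ntranslation` appears as a path parameter or alongside a `..` segment, and goes slightly beyond the two literal strings by also catching percent-encoded and mixed-case variants. The log lines, the `/bonita` context path, the resource names and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

MARKER = "i18ntranslation"  # exclusion keyword named in the advisory

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines; addresses, paths and sizes are illustrative only.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jun/2022:09:00:01 +0000] "GET /bonita/API/system/i18ntranslation?f=locale%3Den HTTP/1.1" 200 4312
198.51.100.7 - - [01/Jun/2022:09:02:13 +0000] "GET /bonita/API/example/resource;i18ntranslation HTTP/1.1" 200 918
198.51.100.7 - - [01/Jun/2022:09:02:15 +0000] "POST /bonita/API/example/resource/../i18ntranslation/ HTTP/1.1" 200 77
198.51.100.7 - - [01/Jun/2022:09:02:19 +0000] "GET /bonita/API/example/resource%3Bi18ntranslation HTTP/1.1" 401 0
192.0.2.10 - - [01/Jun/2022:09:05:40 +0000] "GET /bonita/API/example/resource HTTP/1.1" 401 0
"""


def is_bypass_attempt(target: str) -> bool:
    """True when the marker rides along as a path parameter or next to a dot segment."""
    # Drop the query string, then decode so %3B and %2e%2e cannot hide the pattern.
    path = unquote(urlsplit(target).path).lower()
    if MARKER not in path:
        return False
    segments = path.split("/")
    has_path_param = any(";" in seg for seg in segments)
    has_dot_segment = ".." in segments
    return has_path_param or has_dot_segment


def find_bypass_attempts(log_text: str):
    """Return (client, method, target, status) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_bypass_attempt(m["target"]):
            hits.append((m["client"], m["method"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(*hit)
```

Flagged requests that returned a 2xx status deserve priority in triage, since the request was not rejected.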
Affected Products
Bonita Web