PT-2022-3058 · Apache · Apache Flume

Published: 2022-06-14 · Updated: 2022-06-27 · CVE-2022-25167

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Flume versions 1.4.0 through 1.9.0

Description: The issue is a remote code execution (RCE) vulnerability that arises when a configuration uses a JMS Source with a JNDI LDAP data source URI and an attacker controls the target LDAP server. This can allow the attacker to execute arbitrary code. The problem is also described as deserialization of untrusted data.

Recommendations: For Apache Flume versions 1.4.0 through 1.9.0, limit JNDI to allow only the use of the java protocol or no protocol to fix the issue.
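A check implementing the recommended restriction, added here as an illustration and not Apache Flume's own code (the class and method names are assumptions): the JNDI provider URL of a JMS Source is accepted only when it uses the java protocol or no protocol at all, and anything else is rejected before an InitialContext is built from it.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Illustrative guard for the advisory's mitigation, not Apache Flume's code:
// a JMS Source's JNDI provider URL may use the "java" protocol or no
// protocol at all; any other scheme (ldap, ldaps, rmi, ...) is rejected
// before an InitialContext is ever built from it.
public final class JndiProviderUrlGuard {
    private JndiProviderUrlGuard() {}

    // Returns true when the configured provider URL satisfies the rule.
    public static boolean isAllowed(String providerUrl) {
        if (providerUrl == null || providerUrl.trim().isEmpty()) {
            return true;   // nothing configured: no remote lookup possible
        }
        String scheme;
        try {
            scheme = new URI(providerUrl.trim()).getScheme();
        } catch (URISyntaxException e) {
            return false;  // unparsable value: fail closed
        }
        if (scheme == null) {
            return true;   // no protocol, e.g. a bare JNDI name
        }
        return "java".equals(scheme.toLowerCase(Locale.ROOT));
    }

    // Call before assembling the JNDI environment; throws on a disallowed URL.
    public static String require(String providerUrl) {
        if (!isAllowed(providerUrl)) {
            throw new IllegalArgumentException(
                "JNDI provider URL protocol not permitted (only 'java' or none): " + providerUrl);
        }
        return providerUrl;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real configuration.
        String[] samples = {
            "java:comp/env/jms/ConnectionFactory",
            "ConnectionFactory",
            "ldap://ldap.example.invalid:389/cn=cf,dc=example",
            "rmi://rmi.example.invalid:1099/cf"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + (isAllowed(s) ? "allowed" : "rejected"));
        }
    }
}
```

The first two samples are accepted and the last two are rejected; an unparsable value also fails closed, so a malformed URL cannot slip past the check.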

Tags: Fix · Special Elements Injection · Deserialization of Untrusted Data · RCE

Weakness Enumeration

Related Identifiers

BDU:2022-03727
CVE-2022-25167
GHSA-X5M7-RWFX-W7QM

Affected Products

Apache Flume