CVE-2024-42167

Name of the Vulnerable Software and Affected Versions FIWARE Keyrock versions <= 8.4

Description The function generate app certificates in controllers/saml2/saml2.js does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisation name.

Recommendations For FIWARE Keyrock versions <= 8.4, as a temporary workaround, consider disabling the generate app certificates function until a patch is available. Restrict access to the saml2.js module to minimize the risk of exploitation. Avoid using malicious organisation names in application creation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.