Описание
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
Отчет
Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release. Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.
Меры по смягчению последствий
The following conditions are needed for an exploit, we recommend avoiding all if possible
- Deserialization from sources you do not control
enableDefaultTyping()@JsonTypeInfo usingid.CLASSorid.MINIMAL_CLASS`
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | jackson-databind | Out of support scope | ||
| Red Hat JBoss A-MQ 6 | jackson-databind | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | jackson-databind | Out of support scope | ||
| Red Hat JBoss Fuse 6 | jackson-databind | Out of support scope | ||
| Red Hat Mobile Application Platform 4 | jackson-databind | Out of support scope | ||
| Red Hat OpenShift Application Runtimes | jackson-databind | Affected | ||
| Red Hat OpenShift Container Platform 3.10 | elasticsearch-cloud-kubernetes | Will not fix | ||
| Red Hat OpenShift Container Platform 3.10 | openshift-elasticsearch-plugin | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | elasticsearch-cloud-kubernetes | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...
Уязвимость компонента P6DataSource библиотеки Jackson-databind проекта FasterXML, позволяющая нарушителю получить несанкционированный доступ к информации или вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3