Описание
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.
Отчет
In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix. [1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | h2 | Out of support scope | ||
| Red Hat build of Apicurio Registry 2 | h2 | Affected | ||
| Red Hat Decision Manager 7 | h2 | Not affected | ||
| Red Hat Fuse 7 | h2 | Not affected | ||
| Red Hat Integration Camel K 1 | h2 | Not affected | ||
| Red Hat JBoss BRMS 5 | h2 | Out of support scope | ||
| Red Hat JBoss BRMS 6 | h2 | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | h2 | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | h2 | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | h2 | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...
Уязвимость метода org.h2.util.JdbcUtils.getConnection системы управления базами данных H2, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3