CVE-2022-25842 - Vulnerability Details - OpenCVE

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Alibabagroup	One-java-agent

Configuration 1 [-]

cpe:2.3:a:alibabagroup:one-java-agent:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java
https://github.com/alibaba/one-java-agent/pull/29
https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf
https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-05-01T15:25:39.245954Z

Updated: 2024-09-17T00:56:48.532Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25842

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-01T16:15:08.710

Modified: 2024-11-21T06:53:06.087

Link: CVE-2022-25842

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "com.alibaba.oneagent:one-java-agent-plugin", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Akhil Jain"}], "datePublic": "2022-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L/E:P", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Arbitrary File Write via Archive Extraction (Zip Slip)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-01T15:25:39", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/alibaba/one-java-agent/pull/29"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"}], "title": "Arbitrary File Write via Archive Extraction (Zip Slip)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-05-01T15:20:07.391520Z", "ID": "CVE-2022-25842", "STATE": "PUBLIC", "TITLE": "Arbitrary File Write via Archive Extraction (Zip Slip)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "com.alibaba.oneagent:one-java-agent-plugin", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Akhil Jain"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L/E:P", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary File Write via Archive Extraction (Zip Slip)"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"}, {"name": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java", "refsource": "MISC", "url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"}, {"name": "https://github.com/alibaba/one-java-agent/pull/29", "refsource": "MISC", "url": "https://github.com/alibaba/one-java-agent/pull/29"}, {"name": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf", "refsource": "MISC", "url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:43.546Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/alibaba/one-java-agent/pull/29"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-25842", "datePublished": "2022-05-01T15:25:39.245954Z", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2024-09-17T00:56:48.532Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alibabagroup:one-java-agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D0517CE-B63F-4968-B9B0-5EEC9784C072", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine."}, {"lang": "es", "value": "Todas las versiones del paquete com.alibaba.oneagent:one-java-agent-plugin son vulnerables a una Escritura Arbitraria de Archivos por medio de la Extracci\u00f3n de Archivos (Zip Slip) usando un archivo especialmente dise\u00f1ado que contenga nombres de archivos para saltar directorios (por ejemplo ../../evil.exe). El atacante puede sobrescribir los archivos ejecutables e invocarlos remotamente o esperar a que el sistema o el usuario los llame, logrando as\u00ed la ejecuci\u00f3n de comandos remota en la m\u00e1quina de la v\u00edctima"}], "id": "CVE-2022-25842", "lastModified": "2024-11-21T06:53:06.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "report@snyk.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-01T16:15:08.710", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/pull/29"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/pull/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}