Spring Cloud Function - Remote Code Execution (CVE-2022-22963)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
Spring Cloud Function is affected by a Remote Code Execution vulnerability in the /functionRouter endpoint. The root cause is the lack of validation of the spring.cloud.function.routing-expression HTTP header by the function router: its value is evaluated as a Spring Expression Language (SpEL) expression, so a remote attacker can inject an arbitrary expression and have the server execute it. The affected versions are 3.2.2 and 3.1.6 or lower.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade Spring Cloud Function to 3.1.7 or 3.2.3 (or later), the releases that fix this issue. Where an upgrade must wait, block or strip the spring.cloud.function.routing-expression header at the edge so that untrusted clients cannot supply a routing expression.
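The two practical checks that follow from this advisory are a version gate (is the deployed Spring Cloud Function release older than the fixed 3.1.7 / 3.2.3 builds?) and inspection of inbound requests for the routing-expression header described above. The Python below is an added example, not code from the advisory or from the Spring project; the header name and the affected/fixed versions come from the advisory, while the SpEL-injection regular expression is a heuristic and the sample requests are constructed for illustration.

```python
import re
from typing import Dict, Tuple

# Added example (not from the advisory or the Spring project): a version gate
# and a request-header inspector for CVE-2022-22963.

ROUTING_HEADER = "spring.cloud.function.routing-expression"

# Fix releases per supported line (3.1.7 and 3.2.3). Anything below these in
# its line, and every older 3.0.x / 2.x line, is affected per the advisory.
FIXED_IN = {(3, 1): (3, 1, 7), (3, 2): (3, 2, 3)}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', tolerating suffixes such as '.RELEASE' or '-SNAPSHOT'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Spring Cloud Function version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True if this Spring Cloud Function version still needs the CVE-2022-22963 upgrade."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED_IN:
        return (major, minor, patch) < FIXED_IN[line]
    # Lines older than 3.1 predate the fix; 3.3 and later shipped with it.
    return line < (3, 1)


# SpEL constructs that have no business in a routing expression sent by a client:
# type references T(...), constructor calls, and reflective / process-spawning calls.
# Heuristic only: a routing expression is expected to be a plain function name.
SPEL_INJECTION = re.compile(
    r"T\s*\(|new\s+[A-Za-z_][\w.]*\s*\(|getRuntime|ProcessBuilder|\.exec\s*\(|getClass\s*\(",
    re.IGNORECASE,
)


def classify_request(headers: Dict[str, str]) -> str:
    """Classify an inbound request by its routing header (header names are case-insensitive).

    'none'            - header absent
    'routing-header'  - header present with a plain value (still worth blocking at the
                        edge: which function runs should be a server-side decision)
    'spel-injection'  - header carries SpEL constructs typical of exploitation attempts
    """
    for name, value in headers.items():
        if name.lower() != ROUTING_HEADER:
            continue
        if SPEL_INJECTION.search(value):
            return "spel-injection"
        return "routing-header"
    return "none"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        {"Host": "app.example.internal", "Content-Type": "text/plain"},
        {"Host": "app.example.internal", ROUTING_HEADER: "uppercase"},
        {"Host": "app.example.internal",
         "Spring.Cloud.Function.Routing-Expression":
             'T(java.lang.Runtime).getRuntime().exec("id")'},
    ]
    for s in samples:
        print(classify_request(s))
    for v in ("3.1.6", "3.1.7", "3.2.2.RELEASE", "3.2.3", "3.0.14", "4.0.0"):
        print(v, "vulnerable" if is_vulnerable(v) else "fixed")
```

Running the script classifies the three constructed requests as none, routing-header and spel-injection respectively, and reports 3.1.6, 3.2.2 and 3.0.14 as vulnerable while 3.1.7, 3.2.3 and 4.0.0 are fixed. The classifier treats any externally supplied routing header as noteworthy rather than only pattern-matching known payloads, since the header is a server-side routing control that legitimate clients should not need to set.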
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Mar 2022
- Published at
- Updated at
- Software Type
- Library
- Vendor
- Pivotal Software
- Product
- Spring Cloud Function