Spring Cloud Function - Remote Code Execution (CVE-2022-22963)
- CVSSv3 Score
- Vulnerability description
Spring Cloud Function is affected by a Remote Code Execution vulnerability located in the /functionRouter endpoint. The root cause is the lack of validation that Cloud Function applies to the spring.cloud.function.routing-expression parameter, which can therefore be used for code injection. The affected versions are 3.2.2 and 3.1.6 or lower.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade the Spring Cloud Gateway to a version higher than 3.1.6 or 3.2.2.
- Not available
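A triage helper for this advisory, added here as example code that is not part of the page or of Spring Cloud Function: it flags access-log requests that reach /functionRouter with the routing-expression parameter set, and checks whether a version string falls in the affected range given above. It assumes a constructed access-log format and treats releases above 3.1.6 and 3.2.2 as fixed, following the upgrade guidance.

```python
import re
from typing import Dict, List, Tuple
# Endpoint and parameter named in the advisory.
ROUTER_PATH = "/functionRouter"
ROUTING_HEADER = "spring.cloud.function.routing-expression"
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")

def is_affected_version(version: str) -> bool:
    """Affected range from the advisory: 3.2.2 and 3.1.6 or lower, i.e.
    3.2.x up to 3.2.2, 3.1.x up to 3.1.6, and every older release line."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    if (major, minor) == (3, 2):
        return patch <= 2
    if (major, minor) == (3, 1):
        return patch <= 6
    return (major, minor) < (3, 1)

# Constructed access-log format (assumption): ts src method path status [name=value ...]
_LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3})(?P<headers>(?: \S+=\S+)*)$"
)

def parse_line(line: str) -> Dict[str, object]:
    m = _LOG_RE.match(line)
    if not m:
        return {}
    headers = dict(h.split("=", 1) for h in m["headers"].split())
    return {"ts": m["ts"], "src": m["src"], "path": m["path"], "headers": headers}

def find_router_expression_requests(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(timestamp, source, expression) for each request that reaches the router
    endpoint with the routing-expression parameter set. On an affected version
    that value is evaluated without validation, so every hit needs review."""
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        expr = rec["headers"].get(ROUTING_HEADER)
        if rec["path"].split("?", 1)[0] == ROUTER_PATH and expr is not None:
            hits.append((rec["ts"], rec["src"], expr))
    return hits

SAMPLE_LOG = [  # constructed sample lines; the expression values are illustrative
    "2022-03-30T10:01:05Z 203.0.113.7 POST /functionRouter 200",
    "2022-03-30T10:01:09Z 203.0.113.7 POST /functionRouter 500 spring.cloud.function.routing-expression=[redacted]",
    "2022-03-30T10:02:11Z 198.51.100.4 POST /uppercase 200 content-type=text/plain",
    "2022-03-30T10:03:42Z 192.0.2.9 POST /functionRouter 200 spring.cloud.function.routing-expression=headers['function']",
]
```

Run `find_router_expression_requests(SAMPLE_LOG)` to list the two router requests that carry the parameter; legitimate clients rarely set it, so each hit is worth correlating with the deployed version via `is_affected_version`.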