Impact
A logged-in user with an administrator account can execute operating system commands on the underlying host, ultimately allowing the internal network to be compromised. This is because the data harvesting functionality does not properly sanitise "before scripts" before executing them.
Patches
- This issue is fixed in 3.12.0 and 4.0.4.
Vulnerable versions
Vulnerable: 3.4.0 - 3.10.6 inclusive and 4.0.0-alpha.1 to 4.0.3 inclusive.
Mitigations
Update to one of the patched versions. If no patch is possible, there are two options:
- For GN >= 3.4.2 the local file system harvester can be disabled: in Admin Console -> Settings -> Disabled harvester protocols, enter `filesystem` as the value.
- Or disable the Before script functionality in LocalFilesystemHarvester.java.
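To triage an inventory against the ranges and mitigations above, the following added example (not part of the advisory or the GeoNetwork project) classifies a version string and lists which options apply. The version-parsing scheme, the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Version ranges below are copied from this advisory. The parsing scheme is an
# assumption: MAJOR.MINOR.PATCH with an optional -alpha.N / -beta.N / -rc.N.
_PRE = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL = (3, 0)  # a plain release sorts after all of its pre-releases

def parse(version):
    """Turn '4.0.0-alpha.1' into a tuple that compares in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)\.(\d+))?",
                     version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = (_PRE[m.group(4)], int(m.group(5))) if m.group(4) else _FINAL
    return core + pre

VULNERABLE = [("3.4.0", "3.10.6"), ("4.0.0-alpha.1", "4.0.3")]  # inclusive
FIXED = {3: "3.12.0", 4: "4.0.4"}   # first patched release per major line
SETTING_MIN = "3.4.2"               # "Disabled harvester protocols" exists

def assess(version):
    """Return (status, options) for one GeoNetwork version string."""
    v = parse(version)
    if any(parse(lo) <= v <= parse(hi) for lo, hi in VULNERABLE):
        options = [f"update to {FIXED[v[0]]}"]
        if v >= parse(SETTING_MIN):
            options.append("add 'filesystem' to Disabled harvester protocols")
        options.append("disable Before script in LocalFilesystemHarvester.java")
        return "vulnerable", options
    fixed = FIXED.get(v[0])
    if fixed and v >= parse(fixed):
        return "patched", []
    # e.g. 3.11.x: neither listed as vulnerable nor as fixed on this page
    return "unlisted", ["not covered by the advisory's ranges; confirm upstream"]

if __name__ == "__main__":
    # Constructed inventory for illustration (hostnames are made up).
    inventory = {"gn-prod": "3.10.6", "gn-old": "3.4.1", "gn-test": "4.0.0",
                 "gn-new": "4.0.4", "gn-mid": "3.11.0"}
    for host, ver in inventory.items():
        status, options = assess(ver)
        print(f"{host:8} {ver:8} {status:10} {'; '.join(options)}")
```

Versions that fall between the listed ranges are reported as "unlisted" rather than guessed at, since the advisory does not state their status.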
References
For more information
If you have any questions or comments about this advisory:
Thanks to Tyler Sullivan for reporting this issue.