GHSA-w3x5-427h-wfq6

Source

https://github.com/advisories/GHSA-w3x5-427h-wfq6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-w3x5-427h-wfq6/GHSA-w3x5-427h-wfq6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w3x5-427h-wfq6

Aliases

CVE-2022-46166

Published

2022-12-09T20:19:32Z

Modified

2023-11-08T04:10:55.467167Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Spring Boot Admins integrated notifier support allows arbitrary code execution

Details

Impact

All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are possibly affected.

Patches

In the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 the issue is fixed by implementing SimpleExecutionContext of SpEL. This prevents the arbitrary code execution (i.e. SpEL injection).

Workarounds

Disable any notifier
Disable write access (POST request) on /env actuator endpoint

Database specific

{
    "nvd_published_at": "2022-12-09T21:15:00Z",
    "github_reviewed_at": "2022-12-09T20:19:32Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-94"
    ]
}

References

Affected packages

Maven / de.codecentric:spring-boot-admin

Package

Name: de.codecentric:spring-boot-admin; View open source insights on deps.dev
Purl: pkg:maven/de.codecentric/spring-boot-admin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.10

Affected versions

1.*

1.0.2

1.0.3

1.0.4

1.0.5

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

Maven / de.codecentric:spring-boot-admin

Package

Name: de.codecentric:spring-boot-admin; View open source insights on deps.dev
Purl: pkg:maven/de.codecentric/spring-boot-admin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.7.0

Fixed

2.7.8

Affected versions

2.*

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

Maven / de.codecentric:spring-boot-admin

Package

Name: de.codecentric:spring-boot-admin; View open source insights on deps.dev
Purl: pkg:maven/de.codecentric/spring-boot-admin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0-M1

Fixed

3.0.0-M6

Affected versions

3.*

3.0.0-M1

3.0.0-M2

3.0.0-M3

3.0.0-M4

3.0.0-M5