[midPoint] Security Advisory: Some users can execute script code beyond their authorizations

Tony Tkacik tony.tkacik at evolveum.com
Tue Feb 27 19:25:11 CET 2024


Date: 27. 02. 2024 
Severity: 8.5 (High) 
Affected versions: All midPoint versions prior to 4.4.8, 4.7.4, 4.8.2 
Fixed in versions: 4.4.8, 4.7.4, 4.8.2 

Description 

If a user is authorized to submit raw XML/JSON/YAML object data to midPoint (typically, when adding or modifying an object), they can execute arbitrary script code provided as part of that data. 
The code is executed before the authorization check stops the operation. 
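The ordering problem the description names (script code embedded in submitted object data runs before the caller's authorization is checked) is illustrated below with a small, constructed Python model. This is an added example, not midPoint's code: the object layout, the `expression` marker, the authorization action names and the handler functions are all hypothetical stand-ins, and the "script engine" only records what it would have run.

```python
"""Model of authorization-vs-evaluation ordering on raw object submission.

Constructed illustration (not midPoint code). An 'expression' key marks a
field whose value is script code supplied inside the submitted data.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    authorizations: set = field(default_factory=set)


# Constructed sample submission: one field carries an embedded expression.
SUBMITTED_OBJECT = {
    "name": "jdoe",
    "description": {"expression": "return 'computed-' + name"},
    "givenName": "John",
}


def find_expressions(node, path=""):
    """Return the paths of every expression-bearing node in parsed object data.

    A defender can run this over raw XML/JSON/YAML submissions (after parsing)
    to audit which callers are sending script code at all.
    """
    found = []
    if isinstance(node, dict):
        if "expression" in node:
            found.append(path or "/")
        for key, value in node.items():
            found.extend(find_expressions(value, f"{path}/{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            found.extend(find_expressions(value, f"{path}[{index}]"))
    return found


def evaluate_expressions(obj, executed):
    """Stand-in for a script engine: records each expression instead of running it."""
    resolved = {}
    for key, value in obj.items():
        if isinstance(value, dict) and "expression" in value:
            executed.append(value["expression"])
            resolved[key] = "<evaluated>"
        else:
            resolved[key] = value
    return resolved


def authorize(user, action):
    """Hypothetical authorization check: raise if the user lacks the action."""
    if action not in user.authorizations:
        raise PermissionError(f"{user.name} lacks {action}")


def add_object_vulnerable(user, raw, executed):
    """Vulnerable ordering: expressions are resolved before the caller is checked."""
    resolved = evaluate_expressions(raw, executed)  # script code runs here ...
    authorize(user, "add-object")                   # ... and only now is the caller rejected
    return resolved


def add_object_fixed(user, raw, executed):
    """Fixed ordering: authorize first; embedded script needs a separate authorization."""
    authorize(user, "add-object")
    if find_expressions(raw):
        authorize(user, "add-object-with-expressions")
    return evaluate_expressions(raw, executed)


def run_as_untrusted(handler):
    """Submit the sample object as an unauthorized user.

    Returns (request_denied, scripts_that_were_executed). Both handlers deny the
    request; only the vulnerable one has already executed the embedded script.
    """
    executed = []
    try:
        handler(User("untrusted"), SUBMITTED_OBJECT, executed)
        denied = False
    except PermissionError:
        denied = True
    return denied, list(executed)


if __name__ == "__main__":
    print("vulnerable:", run_as_untrusted(add_object_vulnerable))
    print("fixed:     ", run_as_untrusted(add_object_fixed))
```

The point of the model is that both handlers return "denied" to the untrusted caller, so the defect is invisible from the response alone; it shows up only in the side effects recorded before the check. That is also why the advisory's interim mitigation (restricting who may submit raw object data at all) is effective: it removes the path to the evaluation step rather than relying on the check that runs too late.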

Severity and Impact 

This is a high-severity issue. 
Exploitation of this issue requires the ability to submit XML/JSON/YAML data to midPoint. 
Normally, users are not able to do so. 
The exception is, e.g., when they are allowed to use the REST API or access the Repository Objects page. 

Mitigation 

Users of affected midPoint versions are advised to upgrade their deployments to the latest maintenance releases. 

In the meantime, they are advised to allow Repository Objects and/or REST access only to trusted users. 

This advisory is also available at https://docs.evolveum.com/midpoint/security/advisories/022-unauthorized-code-execution/

-- 
Anton Tkáčik
Software Developer
evolveum.com 
