CVE-2022-22947
In short
Spring Cloud Gateway allows attackers to execute arbitrary code on the server if the Actuator endpoint is exposed without protection. A maliciously crafted request can lead to remote command execution.
Technical detail
A code injection vulnerability (CWE-94) in the Spring Cloud Gateway Actuator endpoint allows remote code execution when the endpoint is exposed without authentication. Precondition: the Actuator must be enabled and publicly reachable. The attack vector consists of sending malicious payloads through the Actuator interface, resulting in arbitrary command execution on the host.
Summary generated and translated by AI from the official description.
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
n/a · Spring Cloud Gateway
Public PoCs found: 64
GitHub:
github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947 ★ 223
github.com/whwlsfb/cve-2022-22947-godzilla-memshell ★ 211
github.com/SecNN/CVE-2022-22947_Rce_Exp ★ 77
github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway ★ 71
github.com/0730Nophone/CVE-2022-22947- ★ 60
github.com/crowsec-edtech/CVE-2022-22947 ★ 38
github.com/0x7eTeam/CVE-2022-22947 ★ 36
github.com/Zh0um1/CVE-2022-22947 ★ 28
github.com/Tas9er/SpringCloudGatewayRCE ★ 28
github.com/Enokiy/cve-2022-22947-spring-cloud-gateway ★ 18
github.com/viemsr/spring_cloud_gateway_memshell ★ 18
github.com/B0rn2d/Spring-Cloud-Gateway-Nacos ★ 16
github.com/MoCh3n/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE ★ 14
github.com/4nNns/CVE-2022-22947 ★ 12
github.com/k3rwin/spring-cloud-gateway-rce ★ 12
github.com/Wrin9/CVE-2022-22947 ★ 11
github.com/twseptian/cve-2022-22947 ★ 11
github.com/Vulnmachines/spring-cve-2022-22947 ★ 10
github.com/dingxiao77/-cve-2022-22947- ★ 9
github.com/SiJiDo/CVE-2022-22947 ★ 9
github.com/hunzi0/CVE-2022-22947-Rce_POC ★ 7
github.com/anansec/CVE-2022-22947_EXP ★ 7
github.com/mrknow001/CVE-2022-22947 ★ 7
github.com/YutuSec/SpEL ★ 6
github.com/darkb1rd/cve-2022-22947 ★ 6
github.com/Greetdawn/CVE-2022-22947 ★ 5
github.com/Arrnitage/CVE-2022-22947_exp ★ 5
github.com/sagaryadav8742/springcloudRCE ★ 4
github.com/LY613313/CVE-2022-22947 ★ 3
github.com/stayfoolish777/CVE-2022-22947-POC ★ 3
github.com/nu0l/cve-2022-22947 ★ 3
github.com/Le1a/CVE-2022-22947 ★ 2
github.com/22ke/CVE-2022-22947 ★ 2
github.com/dbgee/CVE-2022-22947 ★ 2
github.com/Vancomycin-g/CVE-2022-22947 ★ 2
github.com/kkx600/Burp_VulPscan ★ 2
github.com/Wrong-pixel/CVE-2022-22947-exp ★ 1
github.com/kmahyyg/CVE-2022-22947 ★ 1
github.com/Jun-5heng/CVE-2022-22947 ★ 1
github.com/qq87234770/CVE-2022-22947 ★ 1
github.com/bysinks/CVE-2022-22947 ★ 1
github.com/Nathaniel1025/CVE-2022-22947 ★ 1
github.com/talentsec/Spring-Cloud-Gateway-CVE-2022-22947 ★ 1
github.com/Sumitpathania03/CVE-2022-22947 ★ 0
github.com/scopion/cve-2022-22947 ★ 0
github.com/Summer177/Spring-Cloud-Gateway-CVE-2022-22947 ★ 0
github.com/BerMalBerIst/CVE-2022-22947 ★ 0
github.com/flying0er/CVE-2022-22947-goby ★ 0
github.com/nanaao/CVE-2022-22947-POC ★ 0
github.com/PaoPaoLong-lab/Spring-CVE-2022-22947- ★ 0
github.com/hh-hunter/cve-2022-22947-docker ★ 0
github.com/scopion/CVE-2022-22947-exp ★ 0
github.com/fbion/CVE-2022-22947 ★ 0
github.com/aesm1p/CVE-2022-22947-POC-Reproduce ★ 0
github.com/SanderSchepers1993/CyberSec2026 ★ 0
github.com/ciri3/spring-cloud-gateway-cve-2022-22947-report ★ 0
github.com/entr0pie/demo-cve-2022-22947 ★ 0
github.com/superneilcn/SpringExploitGUI ★ 0
github.com/cc3305/CVE-2022-22947 ★ 0
github.com/skysliently/CVE-2022-22947-pb-ai ★ 0
github.com/shoucheng3/spring-cloud__spring-cloud-gateway_CVE-2022-22947_3-0-6 ★ 0
CVE references:
packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html (not verified)
packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html (not verified)
Exploit-DB:
www.exploit-db.com/exploits/50799 (not verified)
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
https://tanzu.vmware.com/security/cve-2022-22947
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html