Overview
Spring Cloud Function contains a remote code execution vulnerability caused by unsafe evaluation of Spring Expression Language (SpEL) in its routing functionality. An attacker can execute arbitrary code by supplying a crafted SpEL expression through the 'spring.cloud.function.routing-expression' configuration property or through the HTTP header of the same name. This is a critical vulnerability affecting multiple versions of Spring Cloud Function on all supported platforms. The vulnerability was disclosed on April 1, 2022. CISA has identified CVE-2022-22963 as exploited in the wild; it is not currently known to be used in ransomware campaigns.
Technical details
Spring Cloud Function versions 3.1.6, 3.2.2 and earlier evaluate user-supplied input as Spring Expression Language (SpEL) expressions in the routing functionality without restricting what the expression may do. The routing function reads the expression from the 'spring.cloud.function.routing-expression' configuration property or from the HTTP header of the same name and evaluates it with a full StandardEvaluationContext, which permits type references such as T(java.lang.Runtime), constructor calls and arbitrary method invocation. The property is normally under operator control, but the header is attacker-controlled, so an unauthenticated attacker can craft an expression that runs arbitrary Java code with the privileges of the application process. The fixed releases evaluate header-supplied expressions in a restricted SimpleEvaluationContext, which does not allow these constructs.
The vulnerability is classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')), CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')) and CWE-917 (Expression Language Injection).
The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: network-reachable, low complexity, no privileges or user interaction required, with high impact on confidentiality, integrity and availability.
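The header-based path is the one a defender can observe on the wire. The following Python script is an added example, not code from the Spring project or from this advisory: it parses raw HTTP request records, extracts the spring.cloud.function.routing-expression header and flags expressions that use constructs a legitimate routing expression never needs (type references such as T(...), constructor calls, bean references, process and reflection APIs). The request records and the /route path are constructed for illustration. The same check is what a reverse proxy or WAF rule in front of the application would apply to reject such requests.

```python
"""Detection of SpEL injection attempts in the Spring Cloud Function
routing header (CVE-2022-22963).

Added example: not code from the Spring project or from the advisory.
The request records below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Header that the routing function evaluates as a SpEL expression.
ROUTING_HEADER = "spring.cloud.function.routing-expression"

# Constructs that a legitimate routing expression (which only needs to pick a
# function name from headers or payload) never requires. Each is a strong
# signal of an attempt to reach Java APIs through SpEL.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"\bT\s*\("), "type reference T(...)"),
    (re.compile(r"\bnew\s+[\w.]+\s*\(", re.IGNORECASE), "constructor call"),
    (re.compile(r"@\w+"), "bean reference"),
    (re.compile(r"\b(Runtime|ProcessBuilder|ScriptEngine|ClassLoader|URLClassLoader)\b"),
     "runtime/process API"),
    (re.compile(r"\.(exec|getRuntime|forName|invoke|getMethod)\s*\("),
     "exec/reflective method call"),
]


@dataclass
class Finding:
    request_no: int
    expression: str
    reasons: list = field(default_factory=list)


def parse_headers(raw_request: str) -> dict:
    """Return the headers of a raw HTTP request as a lower-cased dict.

    Only the header block is read: parsing stops at the first blank line,
    so the body is never mistaken for a header.
    """
    headers = {}
    for line in raw_request.splitlines()[1:]:  # skip the request line
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def classify_expression(expression: str) -> list:
    """List the suspicious constructs present in a routing expression."""
    return [label for pattern, label in SUSPICIOUS_PATTERNS if pattern.search(expression)]


def scan_requests(raw_requests: list) -> list:
    """Flag every request whose routing header carries a suspicious expression."""
    findings = []
    for number, raw in enumerate(raw_requests, start=1):
        expression = parse_headers(raw).get(ROUTING_HEADER)
        if expression is None:
            continue
        reasons = classify_expression(expression)
        if reasons:
            findings.append(Finding(number, expression, reasons))
    return findings


# Constructed sample traffic: a benign routing header, a request without the
# header, and two injection attempts (the /route path is hypothetical).
SAMPLE_REQUESTS = [
    "POST /route HTTP/1.1\nHost: app.internal\n"
    f"{ROUTING_HEADER}: headers['function-name']\n\nhello",
    "POST /route HTTP/1.1\nHost: app.internal\nContent-Type: text/plain\n\nhello",
    "POST /route HTTP/1.1\nHost: app.internal\n"
    f"{ROUTING_HEADER}: T(java.lang.Runtime).getRuntime().exec('id')\n\nhello",
    "POST /route HTTP/1.1\nHost: app.internal\n"
    f"{ROUTING_HEADER}: new java.lang.ProcessBuilder('id').start()\n\nhello",
]

if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_REQUESTS):
        print(f"request {finding.request_no}: {finding.expression!r} -> "
              f"{', '.join(finding.reasons)}")
```

The patterns are deliberately narrow: a routing expression that only indexes headers or compares payload fields matches none of them, while an expression that reaches for a type, a constructor or a process API is flagged with the reason, which is what a WAF rule or a SIEM detection needs to be actionable.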
Impact
An unauthenticated remote attacker can execute arbitrary code with the privileges of the application process. This can lead to complete compromise of the host, including unauthorized access to sensitive data, modification or deletion of data, installation of malware, lateral movement within the network, and denial of service. Exploitation needs no authentication and no user interaction, only a single request carrying the crafted expression, so internet-facing deployments that expose the routing functionality to untrusted clients are at immediate risk.
Mitigation and workarounds
Upgrade Spring Cloud Function to version 3.1.7 or 3.2.3, or later; the 4.0 line also contains the fix. For applications that consume Spring Cloud Function through a Spring Cloud release train, consult the Spring Cloud version compatibility matrix for the release train that pulls in a fixed version. Update the dependency version in your Maven pom.xml or Gradle build.gradle, then rebuild and redeploy the application. When the version is managed by a BOM or a parent POM rather than declared directly, verify the resolved version (for example with mvn dependency:tree or gradle dependencies) rather than the declared one. The following versions include the necessary fixes: 3.1.7, 3.2.3, 4.0 and later.
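To confirm that an upgrade actually landed in the build, the following Python script (an added example, not tooling from the Spring project or from this advisory) reads a pom.xml, resolves ${property} placeholders against the <properties> block, and reports whether each spring-cloud-function dependency is in a fixed line (3.1.7 and later on the 3.1 line, 3.2.3 and later on the 3.2 line, or 4.0 and later). The pom.xml and the property name spring-cloud-function.version are constructed for illustration. A dependency declared without a version is reported as unknown, because its version comes from a BOM or parent and must be read from the resolved dependency tree instead.

```python
"""Dependency audit for CVE-2022-22963: is a declared spring-cloud-function
version in a fixed release line?

Added example: not tooling from the Spring project or from the advisory.
The pom.xml below and the property name are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

# First fixed patch level for each 3.x minor line (3.1.7 and 3.2.3).
FIRST_FIXED_PATCH = {1: 7, 2: 3}


def parse_version(text: str) -> tuple:
    """Reduce a Maven version string to (major, minor, patch).

    Qualifiers such as '.RELEASE' or '-SNAPSHOT' are ignored; a missing
    patch component counts as 0.
    """
    match = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable(version: str) -> bool:
    """True when the version predates the fix in its release line."""
    major, minor, patch = parse_version(version)
    if major >= 4:
        return False           # 4.0 and later ship with the fix
    if major < 3:
        return True            # older, unsupported lines never received it
    if minor > 2:
        return False           # any 3.x minor after 3.2 postdates the fix
    fixed_patch = FIRST_FIXED_PATCH.get(minor)
    if fixed_patch is None:
        return True            # 3.0.x is unsupported and unfixed
    return patch < fixed_patch


def _local(tag: str) -> str:
    # Strip the XML namespace that Maven POMs carry on every element.
    return tag.rsplit("}", 1)[-1]


def declared_versions(pom_xml: str) -> list:
    """Return (artifactId, version) for every spring-cloud-function dependency.

    ${property} placeholders are resolved against <properties>. A dependency
    without <version> yields None: its version comes from a BOM or parent
    and cannot be determined from this file alone.
    """
    root = ET.fromstring(pom_xml)
    properties = {}
    for node in root.iter():
        if _local(node.tag) == "properties":
            properties.update({_local(p.tag): (p.text or "").strip() for p in node})
    found = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(child.tag): (child.text or "").strip() for child in dep}
        artifact = fields.get("artifactId", "")
        if fields.get("groupId") != "org.springframework.cloud" \
                or not artifact.startswith("spring-cloud-function"):
            continue
        version = fields.get("version")
        if version is not None:
            placeholder = re.fullmatch(r"\$\{([^}]+)\}", version)
            if placeholder:
                version = properties.get(placeholder.group(1), version)
        found.append((artifact, version))
    return found


def audit_pom(pom_xml: str) -> list:
    """Return (artifactId, version, status) for each relevant dependency."""
    report = []
    for artifact, version in declared_versions(pom_xml):
        if version is None:
            status = "unknown (managed by BOM/parent; check mvn dependency:tree)"
        elif is_vulnerable(version):
            status = "VULNERABLE"
        else:
            status = "fixed"
        report.append((artifact, version, status))
    return report


# Constructed pom.xml: one dependency pinned through a property to 3.2.2,
# one pinned directly to 3.1.7, one left to the BOM.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <spring-cloud-function.version>3.2.2</spring-cloud-function.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-function-web</artifactId>
      <version>${spring-cloud-function.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-function-context</artifactId>
      <version>3.1.7</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-function-adapter-aws</artifactId>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for artifact, version, status in audit_pom(SAMPLE_POM):
        print(f"{artifact} {version}: {status}")
```

The version comparison is per release line rather than a plain "newer is safer" check, because 3.1.7 is fixed while 3.2.2, which sorts after it, is not; that is the mistake a naive semver comparison makes on this CVE.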
As temporary workarounds until the upgrade can be deployed: restrict access to the routing functionality with network-level controls (firewall rules, a web application firewall) so that untrusted clients cannot reach it; remove the 'spring.cloud.function.routing-expression' property from configuration if the application does not need expression-based routing, bearing in mind that this does not by itself block the header-based path; and add reverse-proxy or API-gateway rules that reject requests carrying the 'spring.cloud.function.routing-expression' header before they reach the Spring Cloud Function application.
CISA recommendation: Apply updates per vendor instructions.
Additional resources
Source: This report was generated by AI.

