CVE-2020-26238 Cron-Utils (Remote Code Execution)
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
Cron-utils is a Java library to parse, validate and migrate cron expressions, and to produce human-readable descriptions of them. In cron-utils before version 9.1.3 a template injection vulnerability is present: when a cron expression fails validation, the rejected expression is reflected into the Bean Validation constraint-violation message template, which the validation provider interpolates. This lets an attacker inject arbitrary Java EL expressions and achieve unauthenticated Remote Code Execution (RCE). Only projects that use the @Cron annotation to validate untrusted cron expressions are affected.
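The following Java snippet is an added illustration written for this analysis; it is not cron-utils' own source. It assumes Hibernate Validator (which evaluates ${...} EL in message templates) as the Bean Validation provider, a Quartz-style cron definition, and a hypothetical helper escapeForTemplate(). The first method shows the vulnerable pattern of passing the parser's error message, which echoes the attacker's input, to buildConstraintViolationWithTemplate(); the second shows the hardened pattern of keeping untrusted text out of the template.

```java
import javax.validation.ConstraintValidatorContext;

import com.cronutils.model.CronType;
import com.cronutils.model.definition.CronDefinitionBuilder;
import com.cronutils.parser.CronParser;

// Illustrative ConstraintValidator logic in the shape of an @Cron validator.
// Simplified for clarity; the real annotation and validator live in cron-utils.
public class CronValidatorExample {

    // VULNERABLE pattern: cron-utils throws IllegalArgumentException for an
    // invalid expression and the exception message contains the raw input.
    // Handing that message to the validator context as a *template* means a
    // cron string such as
    //   ${"".getClass().forName("java.lang.Runtime").getMethod("getRuntime").invoke(null).exec("id")}
    // is interpolated as Java EL when the violation message is rendered.
    public static boolean isValidVulnerable(String value, ConstraintValidatorContext context) {
        if (value == null) {
            return true;
        }
        try {
            CronParser parser = new CronParser(CronDefinitionBuilder.instanceDefinitionFor(CronType.QUARTZ));
            parser.parse(value).validate();
            return true;
        } catch (IllegalArgumentException e) {
            context.disableDefaultConstraintViolation();
            // e.getMessage() reflects the untrusted cron string -> template injection
            context.buildConstraintViolationWithTemplate(e.getMessage()).addConstraintViolation();
            return false;
        }
    }

    // HARDENED pattern: the template is a constant; untrusted text is only
    // ever appended after its interpolation metacharacters are escaped.
    public static boolean isValidHardened(String value, ConstraintValidatorContext context) {
        if (value == null) {
            return true;
        }
        try {
            CronParser parser = new CronParser(CronDefinitionBuilder.instanceDefinitionFor(CronType.QUARTZ));
            parser.parse(value).validate();
            return true;
        } catch (IllegalArgumentException e) {
            context.disableDefaultConstraintViolation();
            context.buildConstraintViolationWithTemplate(
                    "Invalid cron expression: " + escapeForTemplate(value))
                   .addConstraintViolation();
            return false;
        }
    }

    // Hypothetical helper (assumed for this example): Bean Validation message
    // interpolation treats '{', '}', '$' and '\' specially and lets each be
    // escaped with a backslash, so the value is rendered literally and no
    // ${...} EL expression inside it is evaluated.
    static String escapeForTemplate(String s) {
        return s.replace("\\", "\\\\")
                .replace("{", "\\{")
                .replace("}", "\\}")
                .replace("$", "\\$");
    }
}
```

The simplest safe choice is to omit the rejected value from the message entirely; escaping is the fallback when the value must be shown to the user. Either way, the rule is that untrusted input must never become part of a message template, only of the rendered message.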
1.2 CVSS Score
The CVSS Base score of this vulnerability is 9.8 critical. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.3 Affected Version
cron-utils before version 9.1.3.
1.4 Vulnerability Attribution
This vulnerability is reported by GitHub, Inc.
1.5 Risk Impact
cron-utils is a Java library to define, parse, validate and migrate cron expressions, and to produce human-readable descriptions of them. A public exploit is available here. An attacker who can submit a crafted cron expression to an @Cron-validated field can execute arbitrary code in the application's JVM, for example to plant a backdoor; any application that uses this library to validate untrusted cron expressions is exposed.
1.6 Virsec Security Platform (VSP) Support:
The Virsec Security Platform (VSP)-Memory monitors for stack-based buffer overflows. This vulnerability, however, is an expression-language injection in managed Java code rather than a memory-corruption bug, so the control that applies to it is process monitoring.
VSP-Host monitors spawned processes against a set of whitelisted processes. Any attempt by the injected EL expression to execute a new command or an unknown binary would be denied by VSP-Host's Process Monitoring capability.
1.7 Reference Links:
Download the full vulnerability report to learn more about this and other important vulnerabilities.