nvd-json-data-feeds/CVE-2023/CVE-2023-443xx/CVE-2023-44392.json

{
  "id": "CVE-2023-44392",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-10-09T20:15:10.393",
  "lastModified": "2023-10-16T18:08:49.840",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-result` and `run-result` to cache Garden test and run results. These `ConfigMaps` are stored either in the `garden-system` namespace or the configured user namespace. When a user invokes the command `garden test` or `garden run` objects stored in the `ConfigMap` are retrieved and deserialized. This can be used by an attacker with access to the Kubernetes cluster to store malicious objects in the `ConfigMap`, which can trigger a remote code execution on the users machine when cryo deserializes the object. In order to exploit this vulnerability, an attacker must have access to the Kubernetes cluster used to deploy garden remote environments. Further, a user must actively invoke either a `garden test` or `garden run` which has previously cached results. The issue has been patched in Garden versions `0.13.17` (Bonsai) and `0.12.65` (Acorn). Only Garden versions prior to these are vulnerable. No known workarounds are available."
    },
    {
      "lang": "es",
      "value": "Garden proporciona automatizaci\u00f3n para el desarrollo y las pruebas de Kubernetes. Antes de las versiones 0.13.17 y 0.12.65, Garden depend\u00eda de cryo library, que es vulnerable a la inyecci\u00f3n de c\u00f3digo debido a una implementaci\u00f3n insegura de la deserializaci\u00f3n. Garden almacena objetos serializados usando cryo en los recursos `ConfigMap` de Kubernetes con el prefijo `test-result` y `run-result` para almacenar en cach\u00e9 los resultados de la prueba y ejecuci\u00f3n de Garden. Estos `ConfigMaps` se almacenan en el espacio de nombres `garden-system` o en el espacio de nombres de usuario configurado. Cuando un usuario invoca el comando \"garden test\" o \"garden run\", los objetos almacenados en \"ConfigMap\" se recuperan y deserializan. Esto puede ser utilizado por un atacante con acceso al cl\u00faster de Kubernetes para almacenar objetos maliciosos en el \"ConfigMap\", lo que puede desencadenar una ejecuci\u00f3n remota de c\u00f3digo en la m\u00e1quina del usuario cuando cryo deserializa el objeto. Para aprovechar esta vulnerabilidad, un atacante debe tener acceso al cl\u00faster de Kubernetes utilizado para implementar entornos remotos de garden. Adem\u00e1s, un usuario debe invocar activamente una \"garden test\" o una \"garden run\" que previamente haya almacenado en cach\u00e9 los resultados. El problema se solucion\u00f3 en las versiones de Garden `0.13.17` (Bonsai) y `0.12.65` (Acorn). S\u00f3lo las versiones Garden anteriores a estas son vulnerables. No hay workarounds conocidos disponibles."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0
      },
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        },
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:garden:garden:*:*:*:*:*:kubernetes:*:*",
              "versionEndExcluding": "0.12.65",
              "matchCriteriaId": "578BA987-86CC-4306-BDD9-8FD8DAB4D424"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:garden:garden:*:*:*:*:*:kubernetes:*:*",
              "versionStartIncluding": "0.13.0",
              "versionEndExcluding": "0.13.17",
              "matchCriteriaId": "5D5D4DD6-0B6E-4321-B3FB-C237DCB73390"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/garden-io/garden/commit/3117964da40d3114f129a6131b4ada89eaa4eb8c",
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://github.com/garden-io/garden/security/advisories/GHSA-hm75-6vc9-8rpr",
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}