CVE-2022-30586: Gradle Enterprise - Security Advisories
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.
System password reset via Admin CLI allows command injection and password leakage
Affected product(s)
- Gradle Enterprise Admin CLI < 1.3.1
Severity
Low
Published at
2022-06-03
Related CVE ID(s)
- CVE-2022-30586
Description
The Gradle Enterprise Admin CLI offers several functions relevant to administrators of a Gradle Enterprise installation. One such function is the ability to reset the system user password for Kubernetes-based installations, via the “system reset-system-password” command. For versions of the Gradle Enterprise Admin CLI earlier than 1.3.1, the password provided to this command is parsed by a command shell, creating the opportunity for command injection, and is used as an argument to a script, allowing the password to be visible for a very brief time via the process list.
Any commands embedded in the password value will be executed within the context of an “enterprise-app” pod instance within the cluster, and only if the user executing the Admin CLI has sufficient administration privileges to execute commands within the container, as determined by the access control of the Kubernetes cluster. Users that do not have sufficient cluster access privileges cannot use this vulnerability to execute commands inside the container.
Similarly, the password is passed as a command-line argument to a script that runs within the pod, so it is briefly visible to anyone who can list processes in that pod.
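The two defects described above, as an added illustration that is not Gradle Enterprise code: a stand-in in-pod reset script (hypothetical, named reset-system-password.sh here) is driven first the way the advisory describes, with the password interpolated into a command line that a shell parses and then passed as argv, and then in a hardened form that delivers the password on stdin so the shell never tokenises it and it never appears in any process's argument list. The malicious password is constructed for the example.

```shell
#!/bin/sh
# Added example, not from the advisory or the Gradle Enterprise Admin CLI.
# Everything below is a hypothetical stand-in for the real reset script.

WORKDIR="$(mktemp -d)"

# Stand-in for the in-pod reset script. It accepts the new password either
# as $1 (the pattern the advisory describes) or on stdin when no argument
# is given, and records what it received so the outcome can be inspected.
cat > "$WORKDIR/reset-system-password.sh" <<'EOF'
#!/bin/sh
if [ $# -gt 0 ]; then
    pw="$1"
else
    IFS= read -r pw
fi
printf '%s' "$pw" > "$(dirname "$0")/stored-password"
EOF
chmod +x "$WORKDIR/reset-system-password.sh"

# Vulnerable pattern: the password is spliced into a command string that is
# handed to a shell (as a "kubectl exec ... -- sh -c '...'" style invocation
# would do). Shell metacharacters in the value are interpreted as commands,
# and whatever survives parsing lands in the script's argv, where it is
# readable via the process list for as long as the script runs.
vulnerable_reset() {
    password="$1"
    sh -c "$WORKDIR/reset-system-password.sh $password"
}

# Hardened pattern: the password is written to the script's stdin. No shell
# parses it and it is not an argument of any process, so neither the
# injection nor the process-list exposure is possible.
hardened_reset() {
    password="$1"
    printf '%s\n' "$password" | "$WORKDIR/reset-system-password.sh"
}

# Constructed malicious password: a plausible secret followed by an injected
# command that drops a marker file if it executes.
INJECT="s3cret; touch $WORKDIR/pwned"

stored_password() { cat "$WORKDIR/stored-password"; }
injection_happened() { [ -e "$WORKDIR/pwned" ]; }
reset_marker() { rm -f "$WORKDIR/pwned" "$WORKDIR/stored-password"; }
```

Running vulnerable_reset "$INJECT" both executes the injected touch and stores a truncated password (everything after the semicolon was treated as a separate command), while hardened_reset "$INJECT" stores the full string verbatim and drops no marker. The same stdin-based delivery works for a real kubectl exec -i invocation, which is the general fix for any secret that would otherwise be spliced into a shell command line.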
Mitigation
Users should use version 1.3.1 or later of the Gradle Enterprise Admin CLI.