Red Hat Process Automation Manager
RHPAM-173

Artifact repository upload functionality allows malicious code injection


      • Start JBoss BPM Suite/BRMS on EAP 6.4.12+
      • Go to business central, login and then access Authoring -> Artifact Repository
      • Upload the attached inject-script-1.0.pom.xml and you should see an alert with the value 1.

      When a pom.xml with errors is uploaded to Business Central through the Artifact Repository, it is possible to execute malicious scripts, because the error message is shown as HTML, which allows script execution. Take for example the following script.pom.xml:

      <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>example</groupId>
        <artifactId>inject-script</artifactId>
        <version>1.0</version>

        <dependencies>
          <dependency>
            <groupId>example</groupId>
            <artifactId>}}proj&lt;script&gt;alert(1)&lt;/script&gt;</artifactId>
            <version>1.0</version>
          </dependency>
        </dependencies>
      </project>
      
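      The root cause described above is output encoding: the error text that echoes the invalid artifactId is inserted into the page as markup instead of as text. The following is an added example, not Business Central's code, that contrasts the two rendering patterns on the payload from the attached pom and adds an allowlist check on Maven coordinates as defence in depth. All function names, the regular expression and the error string are assumptions made for the illustration.

```javascript
// Added example (not Business Central's code): the error message must be
// treated as text, not HTML, and a coordinate allowlist stops the payload
// before it ever reaches an error message. All names here are assumptions.

// Minimal HTML encoder for the characters that matter in element content
// and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable pattern: the error string is dropped straight into markup
// (the equivalent of GWT's setHTML or a DOM innerHTML assignment).
function buildErrorHtmlUnsafe(message) {
  return '<div class="error">' + message + '</div>';
}

// Hardened pattern: encode before concatenation (the equivalent of setText
// or textContent), so the payload is displayed literally and never parsed.
function buildErrorHtmlSafe(message) {
  return '<div class="error">' + escapeHtml(message) + '</div>';
}

// Defence in depth: Maven coordinates have no business containing markup.
// Allowlist letters, digits, '.', '-' and '_' (an assumed policy).
const COORDINATE_RE = /^[A-Za-z0-9._-]+$/;
function isValidCoordinate(value) {
  return COORDINATE_RE.test(value);
}

// Constructed inputs: the artifactId from the attached pom, and the kind of
// parser error text that might echo it (constructed, not the real message).
const PAYLOAD_ARTIFACT_ID = '}}proj<script>alert(1)</script>';
const ERROR_MESSAGE = 'Invalid dependency example:' + PAYLOAD_ARTIFACT_ID + ':1.0';

function demo() {
  return {
    unsafe: buildErrorHtmlUnsafe(ERROR_MESSAGE),
    safe: buildErrorHtmlSafe(ERROR_MESSAGE),
    payloadRejected: !isValidCoordinate(PAYLOAD_ARTIFACT_ID),
    benignAccepted: isValidCoordinate('inject-script'),
  };
}

console.log(demo());
```

      The unsafe output still contains a live `<script>` element; the safe output contains `&lt;script&gt;`, which the browser renders as the literal characters. The allowlist rejects the payload outright while accepting the benign artifactId `inject-script`, so a rejection message can be produced without ever echoing attacker-controlled text.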

            trikkola Toni Rikkola
            rhn-support-wsiqueir William Siqueira
            Jan Hrcek Jan Hrcek (Inactive)