0x01 Vulnerability Background
Recently, Spring officially released a CVE report for Spring Cloud Gateway, which includes the Spring Cloud Gateway remote code execution vulnerability (CVE-2022-22947).
Gateway is an API gateway service built on the Spring ecosystem, based on technologies such as Spring 5, Spring Boot 2 and Project Reactor. Gateway aims to provide a simple and effective way to route APIs, and provides powerful filter functions such as circuit breaking, rate limiting and retrying.
The Spring Cloud Gateway remote code execution vulnerability (CVE-2022-22947) lies in the Actuator endpoint of a Spring Cloud Gateway application: when that endpoint is enabled, exposed and unsecured, it is vulnerable to code injection. An attacker can exploit this by sending maliciously crafted requests that lead to arbitrary remote code execution on the host.
0x02 Risk Level
Serious
0x03 Affected Versions
Known affected apps and components:
0x04 Repair Suggestions
1. Upgrade to a fixed version
3.1.x users should upgrade to 3.1.1+
3.0.x users should upgrade to 3.0.7+
2. Disable the endpoint
If you do not need the Actuator gateway endpoint, disable it with the configuration property `management.endpoint.gateway.enabled: false`
If the Actuator endpoint is absolutely required, it should be secured with Spring Security
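To check which of the two mitigations above a deployment actually applies, the following added example (written for this advisory, not Spring's own code) parses a Spring Boot `application.properties` fragment and evaluates whether the gateway actuator endpoint would be reachable over HTTP. It models the Spring Boot exposure rules: `management.endpoints.web.exposure.include` / `.exclude` (exclude wins, `*` means all) and `management.endpoint.gateway.enabled`. The default values assumed here (endpoint enabled, only `health` exposed) and the two sample configurations are constructed for illustration.

```python
"""Audit a Spring Boot properties file for exposure of the gateway actuator endpoint.

Hypothetical helper written for this advisory; it is not Spring's own code.
Assumed defaults: management.endpoint.<id>.enabled=true and
management.endpoints.web.exposure.include=health.
"""


def parse_properties(text: str) -> dict:
    """Minimal .properties parser: key=value or key:value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        sep = "=" if "=" in line else ":"
        key, _, value = line.partition(sep)
        props[key.strip()] = value.strip()
    return props


def _as_set(value: str) -> set:
    return {v.strip() for v in value.split(",") if v.strip()}


def actuator_endpoint_exposed(props: dict, endpoint: str = "gateway") -> bool:
    """True if the endpoint is enabled and included in the web exposure list."""
    enabled = props.get(f"management.endpoint.{endpoint}.enabled", "true").lower() == "true"
    include = _as_set(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = _as_set(props.get("management.endpoints.web.exposure.exclude", ""))
    if not enabled:
        return False
    if "*" in exclude or endpoint in exclude:  # exclude takes precedence over include
        return False
    return "*" in include or endpoint in include


def audit(text: str) -> str:
    """Return a one-line finding for the given properties text."""
    if actuator_endpoint_exposed(parse_properties(text)):
        return "FINDING: gateway actuator endpoint is exposed over HTTP; upgrade or disable it"
    return "OK: gateway actuator endpoint is not reachable over HTTP"


# Constructed sample: a common over-permissive setting that exposes every endpoint.
WEAK_CONFIG = """
management.endpoints.web.exposure.include=*
"""

# Constructed sample: the mitigation recommended in this advisory.
HARDENED_CONFIG = """
management.endpoint.gateway.enabled=false
management.endpoints.web.exposure.include=health
"""

if __name__ == "__main__":
    print("weak:    ", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```

Run against each application's `application.properties` (or the equivalent environment-variable overrides) as a quick inventory check; an explicit exclude of `gateway` is also sufficient, which the check recognises.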
0x05 Reference Links
1. https://www.safedog.cn/news.html?id=5071
2. CVE-2022-22947 Spring Cloud Gateway RCE Vulnerability, Cotton's Blog