Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.
CVE-2021-45448

7.1HIGH

Key Information:

Vendor: Hitachi
Status: Pentaho Business Analytics Server
Vendor: CVE Published:; 2 November 2022

Summary

Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.

Affected Version(s)

Pentaho Business Analytics Server 9.2 < 9.2.0.2

Pentaho Business Analytics Server 1.0 < 8.3.0.25

References

https://support.pentaho.com/hc/en-us/articles/6744743458701

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
Dec 21, 2021