Description: This vulnerability allows authorization bypass and remote code execution in Bonita Web (Bonitasoft).
Versions Affected: 2022.1 (and the earlier release lines below their fixed versions listed next)
Version Fixed:
For community:
- 2022.1-u0 (7.14.0)
For subscription:
- 2022.1-u0 (7.14.0)
- 2021.2-u4 (7.13.4)
- 2021.1-0307 (7.12.11)
- 7.11.7
Researcher: David Yesland (https://twitter.com/daveysec)
Disclosure Link: https://rhinosecuritylabs.com/application-security/cve-2022-25237-bonitasoft-authorization-bypass/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2022-25237
By appending ";i18ntranslation" or "/i18ntranslation/../" to certain API URLs it is possible to bypass authorization for unprivileged users and access privileged APIs. The web layer's REST API authorization filter excludes requests matching the i18ntranslation (translation) endpoint from its checks, and that exclude pattern is too broad: a path parameter (";i18ntranslation") or a dot-segment detour ("/i18ntranslation/../") carrying the token makes the request look exempt, while the servlet container still resolves the path to the original privileged resource. An authenticated low-privilege user can then use the privileged page API to deploy an API extension, which runs server-side code; a patched instance answers such mutated URLs with 401/403 instead of the resource.
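The following Python helper is an added example and is not part of this PoC or of Bonita itself. It produces the two bypass variants of an API URL described above (useful for checking whether an instance still serves them), and it normalizes a request path the way the servlet container does so that an access-log scanner can show the real endpoint behind a mutated request. The constructed Tomcat-style log lines and the endpoint paths in them (/bonita/API/portal/page, /bonita/portal/pageUpload, /bonita/API/system/i18ntranslation) are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit

# The two mutation forms from the advisory: a path parameter on the last
# segment, or an extra segment immediately backed out with "..".
BYPASS_MARKERS = re.compile(r";i18ntranslation|/i18ntranslation/\.\./", re.IGNORECASE)

# Tomcat common access-log layout (assumed for the constructed sample below).
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log: a normal session check, a blocked privileged call,
# the same call with the ";i18ntranslation" bypass, a page upload using the
# "/i18ntranslation/../" bypass, and a legitimate translation request that
# must not be flagged. Endpoint names are assumptions.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2022:12:00:01 +0000] "GET /bonita/API/system/session/unusedId HTTP/1.1" 200 318
10.0.0.5 - - [10/May/2022:12:00:02 +0000] "GET /bonita/API/portal/page?p=0&c=10 HTTP/1.1" 403 0
10.0.0.5 - - [10/May/2022:12:00:03 +0000] "GET /bonita/API/portal/page;i18ntranslation?p=0&c=10 HTTP/1.1" 200 1432
10.0.0.5 - - [10/May/2022:12:00:04 +0000] "POST /bonita/portal/pageUpload/i18ntranslation/../?action=add HTTP/1.1" 200 97
10.0.0.5 - - [10/May/2022:12:00:05 +0000] "GET /bonita/API/system/i18ntranslation?f=locale%3den HTTP/1.1" 200 2210
"""


def bypass_variants(url: str) -> list[str]:
    """Return the two mutated forms of an API URL that the advisory describes.

    The query string (if any) is preserved so the variant hits the same
    resource with the same parameters as the original request.
    """
    parts = urlsplit(url)
    path = parts.path.rstrip("/")
    return [
        parts._replace(path=path + ";i18ntranslation").geturl(),
        parts._replace(path=path + "/i18ntranslation/../").geturl(),
    ]


def normalize_path(path: str) -> str:
    """Resolve a request path the way the container does before dispatch.

    Every segment's ';param' path parameters are dropped, then '.' and '..'
    segments are collapsed. This is the path the privileged servlet actually
    sees, regardless of what the authorization filter matched against.
    """
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    clean = "/".join(segments)
    return posixpath.normpath(clean) if clean else "/"


def scan_access_log(lines) -> list[dict]:
    """Flag requests carrying a bypass marker and report their effective target.

    'served' is True when the server answered 2xx, i.e. the privileged
    resource was handed to the caller; a patched instance answers 401/403.
    """
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        target = m.group("target")
        if not BYPASS_MARKERS.search(target):
            continue
        status = int(m.group("status"))
        findings.append({
            "client": m.group("client"),
            "time": m.group("time"),
            "method": m.group("method"),
            "raw_target": target,
            "effective_path": normalize_path(urlsplit(target).path),
            "status": status,
            "served": 200 <= status < 300,
        })
    return findings


if __name__ == "__main__":
    for v in bypass_variants("http://localhost:8080/bonita/API/portal/page?p=0&c=10"):
        print("probe:", v)
    for f in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{f['time']} {f['client']} {f['method']} {f['raw_target']} "
              f"-> {f['effective_path']} status={f['status']} served={f['served']}")
```

Feed real access logs to scan_access_log and treat any finding with served=True as a successful bypass against an unpatched instance; a finding with 401/403 still shows someone probing for the bug.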
Usage: python3 .\exploit.py <username> <password> http://localhost:8080/bonita 'cat /etc/passwd'
<username> and <password> are the credentials of any valid (unprivileged) Bonita user, the third argument is the base URL of the Bonita web application, and the last argument is the OS command executed on the server through the deployed API extension.