Impact: Moderate Public Date: 2019-09-27 CWE: CWE-502->CWE-200 Bugzilla: 1758191: CVE-2019-16943 jackson-databind: Serialization gadgets in classes of the p6spy package A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2019-16943 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 7.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-maven35-jackson-databind | Under investigation |
| Red Hat Single Sign-On 7 | jackson-databind | Under investigation |
| Red Hat Satellite 6 | jackson-databind | Under investigation |
| Red Hat OpenStack Platform 14.0 (Rocky) | opendaylight | Under investigation |
| Red Hat OpenStack Platform 13.0 (Queens) | opendaylight | Under investigation |
| Red Hat OpenStack Platform 10 | opendaylight | Under investigation |
| Red Hat OpenShift Container Platform 4.1 | logging-elasticsearch5-container | Under investigation |
| Red Hat OpenShift Container Platform 3.9 | openshift-elasticsearch-plugin | Under investigation |
| Red Hat OpenShift Container Platform 3.9 | elasticsearch-cloud-kubernetes | Under investigation |
| Red Hat OpenShift Container Platform 3.11 | logging-elasticsearch5-container | Under investigation |
| Red Hat OpenShift Container Platform 3.10 | elasticsearch-cloud-kubernetes | Under investigation |
| Red Hat OpenShift Container Platform 3.10 | openshift-elasticsearch-plugin | Under investigation |
| Red Hat OpenShift Application Runtimes 1.0 | vertx | Under investigation |
| Red Hat OpenShift Application Runtimes 1.0 | swarm | Under investigation |
| Red Hat Mobile Application Platform On-Premise 4 | jackson-databind | Under investigation |
| Red Hat JBoss Fuse 7 | jackson-databind | Under investigation |
| Red Hat JBoss Fuse 6 | jackson-databind | Under investigation |
| Red Hat JBoss EAP 7 | jackson-databind | Under investigation |
| Red Hat JBoss Data Virtualization 6 | jackson-databind | Under investigation |
| Red Hat JBoss Data Grid 7 | jackson-databind | Under investigation |
| Red Hat JBoss BPMS 6 | jackson-databind | Under investigation |
| Red Hat JBoss A-MQ 6 | jackson-databind | Under investigation |
| Red Hat Enterprise Linux 8 | pki-deps:10.6/jackson-databind | Under investigation |
Vulmon