Uploaded image for project: 'Groovy'
  1. Groovy
  2. GROOVY-9582

Code execution - Groovy

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.0.4
    • Fix Version/s: None
    • Component/s: Groovy Console
    • Labels:

      Description

      I am not sure if this working as intended but,

      While reviewing the source code (https://github.com/apache/groovy/blob/49ee146850d866513aa84bc49bf22e06687484d5/src/bin/startGroovy.bat#L95) I found that groovy.bat looks for java.exe from current working directory (CWD).

      In my opinion, groovy.bat looks for java.exe from the current working directory (CWD), so an attacker could place a crafted java.exe files to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file to trigger this remotely.

      This can also be exploited when groovy.bat is run via SMB shares were a malicious threat actor could store pre-build java.exe hidden the successful attack could lead to remote code execution.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mdhiraj Dhiraj M

              Dates

              • Created:
                Updated:

                Issue deployment