Impact
Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the WorkSpaceClientEnqueue.action REST endpoint.
This issue may lead to post-auth Remote Code Execution. Since version 6.3.0, the endpoint is protected against CSRF attacks, which reduces the impact of the vulnerability. However, if a new XSS vulnerability is introduced in the future, it might allow an attacker to craft a malicious page that, when visited by a victim, will trigger the unsafe deserialization.
There are two other instances within Emissary that is not currently exercised in the code. These unused code paths will be removed.
Patches
This issue has been patched in version 6.6.0
Workarounds
Disable network access to Emissary from untrusted sources.
References
- OWASP Deserialization of Untrusted Data
- MITRE Common Weakness Enumeration (CWE-502: Deserialization of Untrusted Data)
For more information
If you have any questions or comments about this advisory:
Impact
Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the
WorkSpaceClientEnqueue.actionREST endpoint.This issue may lead to post-auth Remote Code Execution. Since version 6.3.0, the endpoint is protected against CSRF attacks, which reduces the impact of the vulnerability. However, if a new XSS vulnerability is introduced in the future, it might allow an attacker to craft a malicious page that, when visited by a victim, will trigger the unsafe deserialization.
There are two other instances within Emissary that is not currently exercised in the code. These unused code paths will be removed.
Patches
This issue has been patched in version 6.6.0
Workarounds
Disable network access to Emissary from untrusted sources.
References
For more information
If you have any questions or comments about this advisory: