惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
博客园 - 三生石上(FineUI控件)
量子位
腾讯CDC
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
云风的 BLOG
云风的 BLOG
Vercel News
Vercel News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
The Hacker News
The Hacker News
T
The Exploit Database - CXSecurity.com
B
Blog
S
SegmentFault 最新的问题
P
Privacy & Cybersecurity Law Blog
T
Threatpost
博客园 - 聂微东
T
Tailwind CSS Blog
The Last Watchdog
The Last Watchdog
C
Check Point Blog
N
Netflix TechBlog - Medium
D
DataBreaches.Net
爱范儿
爱范儿
IT之家
IT之家
S
Secure Thoughts
M
MIT News - Artificial intelligence
NISL@THU
NISL@THU
C
Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
有赞技术团队
有赞技术团队
A
Arctic Wolf
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Proofpoint News Feed
Spread Privacy
Spread Privacy
Schneier on Security
Schneier on Security
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
雷峰网
雷峰网
Project Zero
Project Zero
博客园 - Franky
H
Heimdal Security Blog
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hugging Face - Blog
Hugging Face - Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Okta Trust

Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191 Okta Verify for iOS ContextExtension CVE-2024-10327 Okta Classic Application Sign-On Policy Bypass Okta Browser Plugin Reflected Cross-Site Scripting CVE-2024-0981 Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 Okta Advanced Server Access Client CVE-2023-0093 Okta Access Gateway Advisory for CVE-2022-3602 and CVE-2022-3786 Okta Active Directory Agent CVE-2022-1697 Okta Advanced Server Access Client CVE-2022-24295 Okta RADIUS Server Agent CVE-2021-45105 Okta On-Prem MFA Agent CVE-2021-45046 Okta RADIUS Server Agent CVE-2021-45046 Okta On-Prem MFA Agent CVE-2021-44228 Okta RADIUS Server Agent CVE-2021-44228 Okta On-Prem MFA Agent CVE-2021-45105 Okta Verify for Windows Privilege Escalation CVE-2024-7061 Okta LDAP Agent CVE-2023-0392 - Sep 19, 2023 Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Okta Access Gateway CVE-2021-28113 - Apr 2, 2021
Okta Advanced Server Access Client CVE-2022-1030
Okta, Inc. · 2022-03-21 · via Okta Trust

Description

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system.

Affected product and versions

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0.

Resolution

The vulnerability is fixed in Okta Advanced Server Access Client for Linux and macOS version 1.58.0. To remediate this vulnerability, upgrade Okta Advanced Server Access Client for Linux and macOS.

CVE details

CVE ID

Published Date

2022-03-21

Vulnerability Type

Command Injection

CWE

CWE-77

CVSS v3

Score:7.5

Vector string:AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Acknowledgements

Okta would like to thank David Russell and Esteban Guillardoy from the Okta Application Security Team for finding this vulnerability.

Legal Disclaimer:

The information provided in Okta’s Security Advisories is provided "as is" without warranty of any kind. Okta disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Okta or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Okta or its suppliers have been advised of the possibility of such damages. The foregoing exclusions will not apply to the extent prohibited by applicable law.

References

Install the Advanced Server Access client