惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Spread Privacy
Spread Privacy
P
Palo Alto Networks Blog
P
Proofpoint News Feed
AI
AI
Help Net Security
Help Net Security
S
Securelist
T
Troy Hunt's Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cisco Blogs
Scott Helme
Scott Helme
Hacker News - Newest:
Hacker News - Newest: "LLM"
Vercel News
Vercel News
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
B
Blog
GbyAI
GbyAI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
D
Darknet – Hacking Tools, Hacker News & Cyber Security
P
Proofpoint News Feed
S
Security Affairs
Cisco Talos Blog
Cisco Talos Blog
AWS News Blog
AWS News Blog
T
Tenable Blog
H
Help Net Security
NISL@THU
NISL@THU
F
Fortinet All Blogs
博客园_首页
G
GRAHAM CLULEY
L
LINUX DO - 最新话题
P
Privacy International News Feed
G
Google Developers Blog
博客园 - Franky
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Security Archives - TechRepublic
Security Archives - TechRepublic
The Register - Security
The Register - Security
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
Forbes - Security
Forbes - Security
S
Secure Thoughts
Simon Willison's Weblog
Simon Willison's Weblog
D
Docker
Recorded Future
Recorded Future
博客园 - 三生石上(FineUI控件)
L
Lohrmann on Cybersecurity
T
Tailwind CSS Blog

Okta Trust

Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191 Okta Verify for iOS ContextExtension CVE-2024-10327 Okta Classic Application Sign-On Policy Bypass Okta Browser Plugin Reflected Cross-Site Scripting CVE-2024-0981 Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 Okta Advanced Server Access Client CVE-2023-0093 Okta Access Gateway Advisory for CVE-2022-3602 and CVE-2022-3786 Okta Active Directory Agent CVE-2022-1697 Okta Advanced Server Access Client CVE-2022-24295 Okta RADIUS Server Agent CVE-2021-45105 Okta On-Prem MFA Agent CVE-2021-45046 Okta RADIUS Server Agent CVE-2021-45046 Okta On-Prem MFA Agent CVE-2021-44228 Okta RADIUS Server Agent CVE-2021-44228 Okta On-Prem MFA Agent CVE-2021-45105 Okta Verify for Windows Privilege Escalation CVE-2024-7061 Okta LDAP Agent CVE-2023-0392 - Sep 19, 2023 Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Okta Access Gateway CVE-2021-28113 - Apr 2, 2021
Okta Advanced Server Access Client CVE-2022-1030
Okta, Inc. · 2022-03-21 · via Okta Trust

Description

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system.

Affected product and versions

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0.

Resolution

The vulnerability is fixed in Okta Advanced Server Access Client for Linux and macOS version 1.58.0. To remediate this vulnerability, upgrade Okta Advanced Server Access Client for Linux and macOS.

CVE details

CVE ID

Published Date

2022-03-21

Vulnerability Type

Command Injection

CWE

CWE-77

CVSS v3

Score:7.5

Vector string:AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Acknowledgements

Okta would like to thank David Russell and Esteban Guillardoy from the Okta Application Security Team for finding this vulnerability.

Legal Disclaimer:

The information provided in Okta’s Security Advisories is provided "as is" without warranty of any kind. Okta disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Okta or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Okta or its suppliers have been advised of the possibility of such damages. The foregoing exclusions will not apply to the extent prohibited by applicable law.

References

Install the Advanced Server Access client