CVE-2022-4065

MEDIUM

cbeust testng <7.5.1,7.7.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-4065. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2022-4065, a vulnerability in TestNG. The exploit leverages GitHub Actions workflows to test various JDK versions and configurations, likely demonstrating the vulnerability's impact across different environments.

Description

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.

Exploits (1)

nomisec WORKING POC

by shoucheng3 · poc

https://github.com/shoucheng3/testng-team__testng_CVE-2022-4065_7-5

View Code ZIP pw:eip

This repository contains a proof-of-concept for CVE-2022-4065, a vulnerability in TestNG. The exploit leverages GitHub Actions workflows to test various JDK versions and configurations, likely demonstrating the vulnerability's impact across different environments.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: TestNG 7.5

No auth needed

Prerequisites: Access to a vulnerable TestNG installation · Ability to execute GitHub Actions workflows

MITRE ATT&CK