PowSyBl SparseMatrix Class Deserialization Vulnerability Leading to Privilege Escalation
Vulnerability
A deserialization vulnerability has been identified in the PowSyBl framework, specifically within the SparseMatrix class, affecting versions from 6.3.0 prior to 6.7.1. The issue arises in the read method, which consumes an InputStream and constructs a SparseMatrix object from it. This vulnerability can be exploited to escalate privileges in various ways, depending on the context in which the deserialization happens. The problem has been addressed in version 6.7.2 of the PowSyBl Math component.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated rights or access within the application or system.
Reproduction
The vulnerability can be reproduced by deserializing a SparseMatrix object from an untrusted InputStream using the SparseMatrix.read() method. Affected contexts include a multi-tenant application or a local tool that processes external data sources. Whether the deserialization was exploited can be verified afterwards by checking for a specific file whose presence would indicate successful exploitation.
Remediation
Users should upgrade to PowSyBl version 6.7.2 or later. If an immediate upgrade is not possible, avoid calling the SparseMatrix deserialization methods (SparseMatrix.read()).
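As an added example (not part of the advisory or of PowSyBl), the following shows how an application that cannot upgrade yet can enforce the "avoid deserialization" workaround from inside the JVM: a process-wide java.io.ObjectInputFilter that rejects the SparseMatrix class and anything outside java.base. It assumes that SparseMatrix.read() is built on java.io.ObjectInputStream and that the class is com.powsybl.math.matrix.SparseMatrix; both are assumptions, since the advisory only says "deserialization".

```java
import java.io.ObjectInputFilter;
import java.io.ObjectInputFilter.FilterInfo;
import java.io.ObjectInputFilter.Status;

public final class PowsyblDeserializationGuard {

    private PowsyblDeserializationGuard() {}

    // Pattern syntax of ObjectInputFilter.Config.createFilter (JDK 9+, also 8u121+):
    // "!" rejects a class, "*" is a wildcard, the limits cap the object graph, and the
    // trailing "!*" rejects every class not explicitly allowed before it.
    static final String PATTERN =
            "!com.powsybl.math.matrix.SparseMatrix;"   // assumed FQN of the class in the advisory
          + "maxdepth=16;maxrefs=50000;maxarray=10000000;"
          + "java.base/*;"                              // JDK core types the application still needs
          + "!*";

    public static ObjectInputFilter filter() {
        return ObjectInputFilter.Config.createFilter(PATTERN);
    }

    /**
     * Install the filter JVM-wide. SparseMatrix.read() constructs its own stream internally
     * (assumption), so a per-stream setObjectInputFilter() call cannot reach it; only the
     * process-wide filter applies. setSerialFilter() may be called once per JVM and throws
     * IllegalStateException if a filter was already installed.
     */
    public static void install() {
        ObjectInputFilter.Config.setSerialFilter(filter());
    }

    /** Ask the filter what it would decide for a class at the top of a stream (self-check only). */
    static Status decide(ObjectInputFilter f, Class<?> clazz) {
        return f.checkInput(new FilterInfo() {
            @Override public Class<?> serialClass() { return clazz; }
            @Override public long arrayLength() { return -1; }
            @Override public long depth() { return 1; }
            @Override public long references() { return 0; }
            @Override public long streamBytes() { return 0; }
        });
    }

    public static void main(String[] args) {
        ObjectInputFilter f = filter();
        // Print the decision for a java.base class and for a class outside java.base.
        System.out.println("java.util.ArrayList -> " + decide(f, java.util.ArrayList.class));
        System.out.println("javax.swing.JFrame  -> " + decide(f, javax.swing.JFrame.class));
        install();
    }
}
```

Call install() once at startup, before any code path can deserialize; the allowlist should then be extended with the application's own serializable types, which "!*" would otherwise reject.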
