Bastillion Command Injection Vulnerability in Public Key Management System
Vulnerability
A command injection vulnerability exists in bastillion-io Bastillion versions through 4.0.1, specifically within the Public Key Management System component. The issue arises in the file AuthKeysKtrl.java, where insufficient validation of public key content allows authenticated users with key upload privileges to inject malicious commands. These commands are executed on remote systems during SSH key distribution. The vulnerability is currently unpatched.
Impact
Exploitation of this vulnerability allows authenticated users to execute arbitrary commands on systems where the injected SSH key is distributed, potentially leading to unauthorized access, data manipulation, and persistence on the affected hosts.
Reproduction
To reproduce this vulnerability, an authenticated user with public key upload rights can upload a malicious SSH public key containing command injection payloads. Once the key is uploaded, it can be distributed to target systems, where the injected commands will be executed.
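The mitigation is strict allow-list validation of uploaded key content before it is written out to any host. The check below is an added illustration in Python, not code from Bastillion or its Java AuthKeysKtrl.java; the accepted key types, the character classes and the constructed sample key are assumptions of this example.

```python
import base64
import re
import struct

# Allow-list of key types accepted in an authorized_keys line.
ALLOWED_KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
                     "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
_B64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")          # base64 alphabet only
_COMMENT = re.compile(r"^[A-Za-z0-9@._+-]{0,128}$")  # conservative comment charset


def check_public_key(line: str):
    """Return None if `line` is a clean '<type> <base64> [comment]' entry,
    otherwise a short reason string. Control characters, unknown types,
    non-base64 bodies, comment metacharacters and a body whose encoded
    type differs from the declared type are all rejected."""
    if any(ch in line for ch in ("\n", "\r", "\x00")):
        return "control characters not allowed"
    parts = line.strip().split(" ")
    if len(parts) not in (2, 3):
        return "expected '<type> <base64> [comment]'"
    key_type, blob = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in ALLOWED_KEY_TYPES:
        return "unsupported key type"
    if not _B64.match(blob) or len(blob) % 4:
        return "key body is not valid base64"
    raw = base64.b64decode(blob, validate=True)
    # OpenSSH wire format opens with a length-prefixed string naming the type.
    if len(raw) < 4:
        return "key body too short"
    (n,) = struct.unpack(">I", raw[:4])
    if raw[4:4 + n] != key_type.encode():
        return "declared type does not match encoded type"
    if not _COMMENT.match(comment):
        return "comment contains disallowed characters"
    return None


def constructed_sample_line(comment: str = "") -> str:
    """Well-formed ssh-ed25519 line around a constructed (not real) public key
    of 32 0x01 bytes, so the validator can be exercised offline."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + b"\x01" * 32
    return "ssh-ed25519 " + base64.b64encode(raw).decode() + (" " + comment if comment else "")
```

Because the accepted line is rebuilt from the parsed fields, anything that is not a recognised type, a base64 body or a plain comment never reaches the distribution step.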