Emissary Command Injection Vulnerability in Executrix Utility

Vulnerability

A command injection vulnerability has been identified in the Emissary workflow engine, affecting versions up to and including 8.38.0. The issue lies in the Executrix utility class, which improperly sanitizes shell command inputs derived from configuration values, including the PLACE_NAME parameter. Because the sanitization is inadequate, shell metacharacters in these values reach the shell when the command is executed via /bin/sh -c, potentially leading to arbitrary command execution on the host. Exploitation requires control over configuration values, for example through administrative access or a compromised configuration source.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the Emissary host.

Reproduction

To reproduce this vulnerability, set the PLACE_NAME parameter in a configuration file to a value that includes shell metacharacters, such as a semicolon or pipe. The Executrix utility will only replace spaces with underscores, leaving the metacharacters intact. When the command is executed, the injected commands will be processed by the shell, leading to command execution on the host.

Remediation

This vulnerability has been fixed in Emissary version 8.39.0. Users unable to upgrade should ensure that PLACE_NAME values in all configuration files contain only alphanumeric characters, underscores, and hyphens.
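The following is an added audit script, not code from the Emissary project: it contrasts the space-only replacement the advisory describes with the allowlist from the remediation guidance, and scans configuration text for PLACE_NAME values that fail that allowlist. The `KEY = "value"` line format and the sample configuration are assumptions constructed for the example.

```python
import re

# Allowlist from the advisory's remediation: alphanumerics, underscore, hyphen only.
SAFE_PLACE_NAME = re.compile(r"[A-Za-z0-9_-]+")

# Assumed config line shape (hypothetical, not Emissary's real parser): KEY = "value" or KEY = value
CONFIG_LINE = re.compile(r'^\s*([A-Z_]+)\s*=\s*"?([^"]*?)"?\s*$')


def legacy_sanitize(value):
    """The insufficient sanitization the advisory describes: only spaces become
    underscores, so shell metacharacters such as ';' or '|' survive untouched."""
    return value.replace(" ", "_")


def is_safe_place_name(value):
    """Hardened check: accept only values that match the allowlist in full."""
    return SAFE_PLACE_NAME.fullmatch(value) is not None


def audit_config(text):
    """Scan config text and return (line_no, value, legacy_ok) for each PLACE_NAME
    whose raw value fails the allowlist. legacy_ok is True when space replacement
    alone would already yield an allowlisted value, i.e. the value is harmless."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = CONFIG_LINE.match(line)
        if not m or m.group(1) != "PLACE_NAME":
            continue
        value = m.group(2)
        if not is_safe_place_name(value):
            findings.append((line_no, value, is_safe_place_name(legacy_sanitize(value))))
    return findings


# Constructed sample configuration, not taken from any real Emissary deployment.
SAMPLE_CFG = """\
PLACE_NAME = "UnixCommandPlace"
SERVICE_TYPE = "TRANSFORM"
PLACE_NAME = "My Place"
PLACE_NAME = "bad;name"
PLACE_NAME = "a | b"
"""

if __name__ == "__main__":
    for line_no, value, legacy_ok in audit_config(SAMPLE_CFG):
        verdict = "space replacement suffices" if legacy_ok else "metacharacters survive legacy sanitizer"
        print(f"line {line_no}: PLACE_NAME={value!r}: {verdict}")
```

Only the entries reported with "metacharacters survive legacy sanitizer" would reach /bin/sh -c intact in an unpatched version; all reported entries should be corrected before relying on the allowlist as a mitigation.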

Added: Apr 7, 2026, 7:33 PM
Updated: Apr 7, 2026, 7:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 3.1
remediation: 8.3
relevance: 5.4
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.