VU#873170: Collibra Agent cont... Note

VU#873170: Collibra Agent contains improper authentication and path traversal vulnerabilities

The Collibra Platform Agent contains chained vulnerabilities allowing remote code execution. A remote, unauthenticated attacker can exploit these by uploading a crafted ZIP archive. This archive exploits a Zip Slip vulnerability during extraction, enabling path traversal. Specifically, the POST /rest/restore endpoint fails to validate extracted file paths. Attackers can use directory traversal sequences to write files to arbitrary locations on the server. One exploitation path involves placing a malicious JavaServer Pages file in a web-accessible directory. This leads to remote code execution when the file is accessed via HTTP. Privileged REST endpoints under /rest/* also lack proper authentication and authorization. These exposed endpoints can be used to gather information for further exploitation. The web services for these endpoints bind to all network interfaces, potentially increasing exposure. Successful exploitation allows attackers to install web shells, manipulate data, disrupt availability, and pivot into the network. Collibra has released updated versions to address these vulnerabilities. Users are strongly advised to update to the fixed releases promptly. Administrators should restrict access to exposed REST endpoints and management interfaces.