Learn how CVE-2022-36065 affects self-hosted GrowthBook deployments, how an attacker can turn account registration and arbitrary file upload into code execution inside the container, and which mitigation and update steps close the hole.
A vulnerability has been identified in some self-hosted GrowthBook configurations that allows attackers to register new accounts and upload files to arbitrary directories within the container, which can lead to arbitrary code execution inside that container.
Understanding CVE-2022-36065
This CVE affects GrowthBook, an open-source platform for feature flagging and A/B testing, in self-hosted builds released before 2022-08-29.
What is CVE-2022-36065?
Some self-hosted GrowthBook setups allow unauthenticated attackers to register new accounts, and an attacker with an account can upload files to arbitrary directories inside the container. Writing an attacker-controlled file to a location the application or container later executes or loads is what turns the upload into arbitrary code execution.
The Impact of CVE-2022-36065
The vulnerability carries a CVSS base score of 7.5 (High), with high impact on confidentiality, integrity, and availability. It is exploitable over the network and, as scored, requires only low privileges, which matters here because the attacker can obtain those privileges simply by registering an account.
Technical Details of CVE-2022-36065
Vulnerability Description
The flaw allows attackers to upload files to arbitrary directories within the container; if the written file lands somewhere the application or container will execute it, this becomes arbitrary code execution. The issue was fixed in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264, released on 2022-08-29.
Affected Systems and Versions
Self-hosted GrowthBook builds prior to 2022-08-29 are affected. The published advisory notes that only some self-hosted configurations are exposed; deployments that already set a strong JWT_SECRET are not vulnerable to the file upload, but still permit unwanted account registration until updated.
Exploitation Mechanism
To exploit this vulnerability, an attacker needs network access to a vulnerable self-hosted instance. They first register a new account, then use that account to upload files to directories of their choosing within the container; the final step to code execution depends on placing the file where it will be executed.
Mitigation and Prevention
Immediate Steps to Take
To mitigate the risk on an instance that cannot be updated immediately, set the JWT_SECRET environment variable to a long random string. This prevents the arbitrary file upload, but it does not stop attackers from registering accounts; updating to a build from 2022-08-29 or later is the only way to close that part of the issue.
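The following shell script is an added example, not GrowthBook project code, showing how an operator might generate a suitably strong JWT_SECRET and sanity-check the value before (re)starting the container. The minimum length of 32 characters and the list of placeholder strings it rejects are this example's own assumptions, not thresholds taken from the GrowthBook advisory.

```shell
#!/bin/sh
# Added example (not GrowthBook code): generate and validate a JWT_SECRET
# for a self-hosted deployment that cannot be updated right away.

# Generate a 256-bit secret encoded as 64 hex characters, using openssl
# when available and the kernel CSPRNG otherwise.
gen_jwt_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 32
  else
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
  fi
}

# Return 0 only if the value is set, at least 32 characters long
# (assumed minimum for this example) and not an obvious placeholder.
check_jwt_secret() {
  secret="$1"
  if [ -z "$secret" ]; then
    echo "JWT_SECRET is unset" >&2
    return 1
  fi
  if [ "${#secret}" -lt 32 ]; then
    echo "JWT_SECRET too short (${#secret} chars, need >= 32)" >&2
    return 1
  fi
  case "$secret" in
    secret|changeme|password|dev|test|*PLEASE_CHANGE*)
      echo "JWT_SECRET is a well-known placeholder value" >&2
      return 1
      ;;
  esac
  return 0
}

# Usage when run directly: emit a fresh secret if the current one fails the check.
if [ "${0##*/}" = "jwt_secret_check.sh" ]; then
  if check_jwt_secret "${JWT_SECRET:-}"; then
    echo "JWT_SECRET looks acceptable"
  else
    echo "Suggested value: JWT_SECRET=$(gen_jwt_secret)"
    exit 1
  fi
fi
```

Pass the validated value to the container with `docker run -e JWT_SECRET="$secret" ...` or the equivalent `environment:` entry in a compose file, and rotate it like any other credential; remember that this only removes the file-upload path and that the update is still required to stop account registration.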
Long-Term Security Practices
Beyond this fix, keep self-hosted instances on current builds, disable open account registration wherever the product allows it, run the container with least privilege (non-root user, read-only filesystem where possible) so an uploaded file is harder to execute, and treat secrets such as JWT_SECRET as credentials that must be explicitly set rather than left at defaults.
Patching and Updates
Ensure that the self-hosted GrowthBook deployment is updated to a build released on or after 2022-08-29, which includes commit 1a5edff8786d141161bf880c2fd9ccbe2850a264; this is the only complete remediation, since the JWT_SECRET workaround leaves account registration open.