{"id":20923,"date":"2022-02-22T09:31:45","date_gmt":"2022-02-22T06:31:45","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166073\/datarobot-exec.txt"},"modified":"2022-02-22T10:11:34","modified_gmt":"2022-02-22T06:41:34","slug":"datarobot-remote-code-execution","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/datarobot-remote-code-execution\/","title":{"rendered":"CVE-2021-45414 Datarobot Remote Code Execution"},"content":{"rendered":"<pre dir=\"ltr\"><code>Exploit Title: Datarobot -- Remote Code Execution\r\nDate: 9\/28\/2021\r\nVendor Homepage: https:\/\/www.datarobot.com\r\nSoftware Link: https:\/\/app.datarobot.com\/\r\nVersion: TBD - awaiting build version from vendor\r\nTested on: The issue affects all versions of the product up to the date of this submission\r\nExploit Authors: Mike Coers &amp; Pathfynder Inc\r\nExploit Contact: sm0key a t dnsfiltrate_io &amp; micheal.coers a t pathfynder dot_io\r\nExploit Technique: Remote\r\nCVE ID: CVE-2021-45414<\/code><\/pre>\n<p dir=\"ltr\">#### 1. Description<br \/>\nThe application allows the submission of Docker environments and Java drivers, which execute arbitrary remote code.<br \/>\nThis vulnerability affects all previous versions of the Datarobot product suite.<\/p>\n<p dir=\"ltr\">#### 2. Disclosure Timeline<br \/>\n10\/26\/21 \u2013 Discovery and Exploitation<br \/>\n10\/28\/21 \u2013 Vendor Notified<br \/>\n2\/16\/22 \u2013 CVE Assigned<br \/>\n2\/18\/22 \u2013 Public Disclosure<\/p>\n<p dir=\"ltr\">#### 3. 
Mitigation<\/p>\n<p dir=\"ltr\">A hotfix has been applied to the vendor's SaaS solution; no action is necessary at this time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exploit Title: Datarobot &#8212; Remote Code Execution Date: 9\/28\/2021 Vendor Homepage: https:\/\/www.datarobot.com Software Link: https:\/\/app.datarobot.com\/ Version: TBD &#8211; awaiting build version from vendor Tested on: The issue affects all versions of the product up to the date of this submission Exploit Authors: Mike Coers &amp; Pathfynder Inc Exploit Contact: sm0key a t dnsfiltrate_io &amp; micheal.coers &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-20923","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=20923"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20923\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=20923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=20923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/
wp-json\/wp\/v2\/tags?post=20923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}