Journeyx jtime 11.5.4 Pre-Auth Python Code Injection via Login

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Affected Vendor and Product: - Vendor: Journeyx - Product: Journeyx (jtime) - Version: 11.5.4 2. Vulnerability Description: - Attackers can exploit a Python code injection vulnerability using valid username and password credentials, particularly during the login process. 3. Technical Description: - When logging into Journeyx using a username and password, an HTTP request containing credentials is sent to “wtlogin.pyc”. - If the “end_URL” value exceeds 1000 characters, it is interpreted as a Python “import” statement and passed to the “exec()” function, thereby executing arbitrary code. 4. Mitigation and Recommendations: - Rename “mycgi.pyc” to another name, such as “mycgi_original.pyc”. - Create a file named “mycgi.py” in the same directory. - Insert the following code into “mycgi.py”: 5. Discoverer: - The vulnerability was discovered by Jaggar Henry of KoreLogic, Inc. 6. Disclosure Timeline: - January 31, 2024: KoreLogic notified Journeyx support about the vulnerability found in the licensed on-premises version. - February 2, 2024: Journeyx confirmed receipt of the notification. - February 9, 2024: Journeyx confirmed the vulnerability had been fixed. - July 1, 2024: KoreLogic notified Journeyx of the upcoming public disclosure. - August 7, 2024: Journeyx confirmed the patched version. 7. Exploitation Example: - By leveraging the existing “web” Python module, shell command outputs can be returned via “os.popen()”. This information provides detailed descriptions of the vulnerability, mitigation steps, and key details about its discovery process.

Goal Reached Thanks to every supporter — we hit 100%!

Journeyx jtime 11.5.4 Pre-Auth Python Code Injection via Login