CVE-2021-45807

9.8 CRITICAL

📋 TL;DR

CVE-2021-45807 is a critical remote code execution vulnerability in JPress v4.2.0. The doUploadAndInstall function in the AddonController accepts an attacker-supplied addon package and installs it, so anyone who can reach that endpoint with an admin session can plant files that execute arbitrary commands on the server. All JPress v4.2.0 installations with the admin interface reachable are affected. Successful exploitation gives code execution with the privileges of the user running the JPress application server, which in practice means full control of the host.

💻 Affected Systems

Products:
  • JPress
Versions: v4.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the admin controller for addon upload/installation functionality. Any JPress v4.2.0 installation with admin access enabled is vulnerable.

📦 What is this software?

JPress is an open-source Java content management system built on the JBoot framework. It supports installable addons (plugins) and templates managed from the admin interface, which is the functionality this vulnerability lives in.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, install malware, exfiltrate data, pivot to internal networks, and maintain persistent access.

🟠

Likely Case

An attacker who already holds admin credentials or a valid admin session (phished, reused, default, or stolen) uploads an addon package containing a webshell or backdoor through the addon installer and gains code execution on the underlying server, not just within the CMS.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the JPress application container or isolated environment.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is part of the admin interface which may be exposed to the internet, allowing remote exploitation.
🏢 Internal Only: MEDIUM - Even if not internet-facing, internal attackers or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (admin authentication required)
Complexity: LOW

Exploitation requires an authenticated admin session. The addon upload/installation mechanism installs whatever package the admin submits, so it can be abused to write attacker-controlled files (for example a webshell or a Java class that runs system commands) into the application. Because a public PoC exists and the steps are simple, treat any exposed admin interface on v4.2.0 as compromised once admin credentials are in doubt.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.2.1 or later

Vendor Advisory: https://github.com/JPressProjects/jpress/issues/167

Restart Required: Yes

Instructions:

1. Back up your JPress installation and database.
2. Download the latest JPress release (v4.2.1 or later) from the official repository.
3. Replace the existing installation with the updated version.
4. Restart the JPress application server.
5. Verify the fix by checking the running version (see How to Verify below).

🔧 Temporary Workarounds

Disable Addon Upload

Platform: all

Remove or restrict access to the vulnerable AddonController endpoint until the patch is applied.

# Restrict /admin/addon/* at the reverse proxy or servlet container: return 403 for the
# upload/install endpoint, or allow it only from an allowlist of administrator source IPs.
# Note that admin authentication is already required; the workaround is to take the
# endpoint away from anyone whose admin credentials or session might be compromised.

Network Access Control

Platform: linux

Restrict access to the admin interface using firewall rules. Caveat: JPress serves the public site and the admin interface on the same port, so a port-level rule blocks the public site too; use it only for installations that are admin-only or reachable solely by trusted users, and restrict by path at a reverse proxy otherwise. Rule order matters: append the ACCEPT before the DROP.

# Replace [JPress-port] and [trusted-ips] with your values (e.g. 8080 and the admin CIDR).
iptables -A INPUT -p tcp --dport [JPress-port] -s [trusted-ips] -j ACCEPT
iptables -A INPUT -p tcp --dport [JPress-port] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate JPress from critical systems
  • Enable detailed logging and monitoring for addon upload activities and unusual admin actions

🔍 How to Verify

Check if Vulnerable:

Check JPress version in admin dashboard or by examining application files. Version 4.2.0 is vulnerable.

Check Version:

# Check JPress version in admin interface or examine WEB-INF/classes/version.properties file

Verify Fix Applied:

Verify the running version is 4.2.1 or later. If you relied on a workaround instead, confirm that a POST to the addon upload/install endpoint from an untrusted address is refused (403 or dropped) rather than accepted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual addon upload activities
  • Multiple failed addon installation attempts
  • Admin login from unusual IP addresses
  • Execution of unexpected system commands

Network Indicators:

  • HTTP POST requests to /admin/addon/upload
  • Unusual outbound connections from JPress server
  • Traffic to known malicious IPs or domains

SIEM Query:

source="jpress.log" AND ("doUploadAndInstall" OR "addon/upload") AND status=200

Adjust the source and field names to your log pipeline; a 200 on the install endpoint is the interesting event, but also review non-200 bursts from one source as an attempted exploit.
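The same indicators as a standalone check over a web-server access log, added here as an example (this is not JPress code and not from the vendor advisory): it parses combined-format log lines, flags POST requests to the addon upload/install endpoints, tallies attempts and successful (HTTP 200) installs per source address, and compares a version string against the first fixed release. The /admin/addon/ path prefix, the combined log format, and the log lines themselves are assumptions constructed for the example.

```python
"""Flag JPress addon upload/install requests in an access log (CVE-2021-45807).

Added detection example, not JPress code. Assumes combined log format
(nginx/Apache style) and that the addon endpoints live under /admin/addon/
as the advisory states. All log lines below are constructed.
"""
import re
from collections import Counter

# Constructed sample log: two benign hits, two install attempts from one
# source (one succeeded, one failed) and one upload that the proxy refused.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2022:10:01:09 +0000] "GET /admin/login HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2022:10:02:30 +0000] "POST /admin/addon/doUploadAndInstall HTTP/1.1" 200 312 "-" "python-requests/2.26"
198.51.100.7 - - [10/Jan/2022:10:02:31 +0000] "POST /admin/addon/doUploadAndInstall HTTP/1.1" 500 0 "-" "python-requests/2.26"
192.0.2.9 - - [10/Jan/2022:10:05:00 +0000] "POST /admin/addon/upload HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Endpoint names taken from the advisory page; the /admin/addon/ prefix is an assumption.
ADDON_ENDPOINTS = ("/admin/addon/doUploadAndInstall", "/admin/addon/upload")


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_addon_upload(rec):
    """True for a POST to one of the addon endpoints (query string ignored)."""
    return rec["method"] == "POST" and rec["path"].split("?", 1)[0] in ADDON_ENDPOINTS


def find_addon_uploads(log_text):
    """Collect every addon upload/install request, marking the ones that returned 200."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_addon_upload(rec):
            rec["status"] = int(rec["status"])
            rec["succeeded"] = rec["status"] == 200
            hits.append(rec)
    return hits


def summarize_by_source(hits):
    """Attempts and successful installs per source IP, to spot bursts from one client."""
    attempts = Counter(h["ip"] for h in hits)
    successes = Counter(h["ip"] for h in hits if h["succeeded"])
    return {ip: {"attempts": attempts[ip], "successes": successes.get(ip, 0)} for ip in attempts}


def parse_version(v):
    """'v4.2.0' -> (4, 2, 0); tolerates a leading 'v'."""
    return tuple(int(p) for p in v.lstrip("v").split("."))


def below_fixed_version(v, fixed="4.2.1"):
    """True when the version string predates the first fixed release named in the advisory.
    The advisory names only v4.2.0 as affected; treat older results as 'needs review'."""
    return parse_version(v) < parse_version(fixed)


if __name__ == "__main__":
    found = find_addon_uploads(SAMPLE_LOG)
    for h in found:
        flag = " [INSTALL SUCCEEDED]" if h["succeeded"] else ""
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]}{flag}')
    print(summarize_by_source(found))
    print("v4.2.0 below fix:", below_fixed_version("v4.2.0"))
```

Point `find_addon_uploads` at your real access log and review every entry with `succeeded` set; a 500 or 403 on the same endpoint from the same source moments earlier is the attacker iterating on a payload and is worth an alert on its own.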

🔗 References

  • Vendor issue: https://github.com/JPressProjects/jpress/issues/167