CVE-2022-50686
📋 TL;DR
This vulnerability in Kentico Xperience allows attackers to view detailed error messages, including .NET stack traces, through Portal Engine form controls: when a form control hits an exception, the full error detail is rendered to the requesting user instead of a generic message. A stack trace reveals internal implementation details (assembly, namespace and type names, code paths and sometimes file paths) to anyone able to make the control fail. Installations running a Kentico Xperience version without the corresponding hotfix are affected.
💻 Affected Systems
- Kentico Xperience
📦 What is this software?
Kentico Xperience is a .NET content management and digital experience platform. The Portal Engine is its ASP.NET Web Forms page-rendering engine, in which pages are assembled from web parts and form controls; later versions moved to MVC, and the newer, separately named product Xperience by Kentico does not include the Portal Engine at all.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could obtain detailed internal system information: stack traces that reveal the software architecture and code paths, and exception messages that, depending on the failing component, can embed server names, file paths, query fragments or table and column names. That material makes follow-on attacks (targeted injection, path traversal, exploitation of a known-vulnerable component) far easier.
Likely Case
Unauthorized users can view sensitive error details that expose system internals, potentially aiding in reconnaissance for more sophisticated attacks against the application.
If Mitigated
With proper error handling and sanitization, only generic error messages are displayed, preventing information leakage while maintaining functionality.
🎯 Exploit Status
No public exploit is referenced here. Exploitation needs nothing beyond making a Portal Engine form control throw, which is usually achieved by submitting malformed or unexpected field values to a form the engine renders, or through specific user interactions with the control.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Hotfix available via Kentico DevNet
Vendor Advisory: https://devnet.kentico.com/download/hotfixes
Restart Required: Yes
Instructions:
1. Download the hotfix matching your major version from Kentico DevNet.
2. Apply the hotfix to your Kentico Xperience installation.
3. Restart the application/services.
4. Test form controls to ensure generic error messages are displayed.
🔧 Temporary Workarounds
Custom Error Handling
Implement custom error handling in the affected Portal Engine form controls so that exceptions are logged server-side and the user sees only a generic message.
Modify the form control error handling code to replace exception messages and stack traces with a generic message; keep the full detail in the server-side event log.
Disable Detailed Errors
Configure the ASP.NET application so that detailed errors are never sent to remote clients in production.
Set customErrors mode="RemoteOnly" or "On" in web.config
Set compilation debug="false" in web.config (disable debug mode in production)
Caveat: customErrors only governs exceptions that reach ASP.NET unhandled. A form control that catches the exception itself and writes its message or stack trace into the page output is not silenced by this setting, so treat it as a reduction in exposure, not a substitute for the hotfix.
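A quick way to audit the web.config switches named above, as an added example that is not Kentico's code: the script parses a web.config with Python's standard library and reports the settings that send detailed errors to remote clients. The two configurations inside it are constructed samples (a leaking development-style configuration beside its hardened production equivalent), and the httpErrors check covers the closely related IIS setting for completeness.

```python
"""Audit an ASP.NET web.config for the switches that leak detailed errors.

Added example (not Kentico's code).  Checks customErrors and compilation
debug as named in the workaround above, plus the IIS httpErrors errorMode.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a development-style configuration that leaks stack traces.
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.8" />
    <customErrors mode="Off" />
  </system.web>
  <system.webServer>
    <httpErrors errorMode="Detailed" />
  </system.webServer>
</configuration>"""

# Constructed sample: the hardened production equivalent.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="false" targetFramework="4.8" />
    <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" />
  </system.web>
  <system.webServer>
    <httpErrors errorMode="Custom" />
  </system.webServer>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings; an empty list means the checked switches are safe.

    Assumes no parent configuration (machine.config, applicationHost.config)
    overrides these elements; where an element is absent, the ASP.NET/IIS
    default (customErrors RemoteOnly, debug false, httpErrors DetailedLocalOnly)
    is assumed to apply.
    """
    findings = []
    root = ET.fromstring(xml_text)

    compilation = root.find("system.web/compilation")
    if compilation is not None and compilation.get("debug", "false").lower() == "true":
        findings.append('compilation debug="true": debug build with verbose errors in production')

    custom_errors = root.find("system.web/customErrors")
    mode = custom_errors.get("mode", "RemoteOnly") if custom_errors is not None else "RemoteOnly"
    if mode.lower() == "off":
        findings.append('customErrors mode="Off": ASP.NET error pages with stack traces are sent to remote clients')

    http_errors = root.find("system.webServer/httpErrors")
    if http_errors is not None and http_errors.get("errorMode", "DetailedLocalOnly").lower() == "detailed":
        findings.append('httpErrors errorMode="Detailed": IIS sends detailed error pages to every client')

    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_web_config(cfg) or "no findings")
```

To run it against a real site, pass the file contents: `audit_web_config(open(r"C:\inetpub\wwwroot\CMS\web.config").read())`. An empty result only means these switches are set correctly; a control that renders the exception text itself still needs the hotfix or the custom error handling above.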
🧯 If You Can't Patch
- Use a WAF or reverse proxy that can inspect response bodies to block or mask responses containing .NET stack-trace markers (for example "Stack Trace:" or lines beginning "at System."); request-side rules cannot reliably tell an error-triggering submission from a legitimate one
- Monitor application and proxy logs for detailed error messages reaching clients and investigate any occurrences
🔍 How to Verify
Check if Vulnerable:
Test Portal Engine form controls by triggering errors (e.g., submitting invalid data) and check if detailed stack traces are displayed.
Check Version:
Check the Kentico Xperience version and hotfix level in the administration interface, or inspect the file version of the CMS assemblies in the site's bin folder; the hotfix number matters, not just the major version.
Verify Fix Applied:
After applying the hotfix, trigger form errors and verify only generic error messages appear without stack trace details.
📡 Detection & Monitoring
Log Indicators:
- Bursts of form-processing exceptions in the Kentico event log tied to a single form or page
- Multiple form submission errors from single IPs
Network Indicators:
- HTTP responses whose body contains an ASP.NET error page or a .NET stack trace (these may carry status 200 when the control renders the error itself)
SIEM Query:
search 'Stack Trace:' OR 'at System.' in proxy or WAF logs that record response bodies
Note: IIS access logs do not record response bodies, so the query above must run against a reverse proxy or WAF that logs bodies, or against the application's own event log.
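The verification step (submit invalid data and look for a stack trace) and the detection indicators above come down to the same check on a response body. The following added example, not part of this advisory or of Kentico's tooling, scans bodies for the markers of an ASP.NET error page or a raw .NET stack trace and counts leaking responses per client IP. The response bodies, IP addresses and the MyCompany.Web.ContactForm frame are constructed samples.

```python
"""Flag HTTP response bodies that carry ASP.NET exception details.

Added example (not the advisory's or Kentico's code).  Run it over
responses captured while verifying, or over reverse-proxy / WAF logs
that record response bodies; plain IIS access logs have no bodies.
"""
import re
from collections import Counter

# Markers of ASP.NET's default error page ("yellow screen of death") and of
# Exception.ToString() output that a control might write into the page itself.
LEAK_MARKERS = {
    "ysod_title": re.compile(r"Server Error in '[^']*' Application"),
    "exception_details": re.compile(r"Exception Details:"),
    "stack_trace_header": re.compile(r"Stack Trace:"),
    # YSOD frame lines look like "   Namespace.Type.Method(Args) +108"
    "ysod_frame": re.compile(r"^\s+[\w.]+\.\w+\([^)\n]*\) \+\d+\s*$", re.MULTILINE),
    # Exception.ToString() frame lines look like "   at Namespace.Type.Method(Args)"
    "dotnet_frame": re.compile(r"^\s*at [A-Za-z_][\w.]*\.[\w<>`]+\(", re.MULTILINE),
    "exception_type": re.compile(r"\bSystem\.[\w.]*Exception\b"),
}


def find_leaks(body):
    """Return the names of every marker found in one response body; empty means clean."""
    return [name for name, pattern in LEAK_MARKERS.items() if pattern.search(body)]


def leaks_detailed_error(body):
    return bool(find_leaks(body))


def noisy_clients(records, threshold=3):
    """Given (client_ip, response_body) pairs, return {ip: count} for clients that
    received at least `threshold` leaking responses (the 'multiple errors from a
    single IP' indicator)."""
    hits = Counter(ip for ip, body in records if leaks_detailed_error(body))
    return {ip: n for ip, n in hits.items() if n >= threshold}


# --- Constructed samples (not captured from any real system) -----------------

# What ASP.NET itself renders when customErrors is Off; MyCompany.Web.* is hypothetical.
YSOD_BODY = """<html><body>
<h1>Server Error in '/' Application.</h1>
<h2><i>Object reference not set to an instance of an object.</i></h2>
<b>Exception Details: </b>System.NullReferenceException: Object reference not set to an instance of an object.
<b>Stack Trace: </b>
<pre>
[NullReferenceException: Object reference not set to an instance of an object.]
   MyCompany.Web.ContactForm.OnSubmit() +118
   System.Web.UI.Control.OnLoad(EventArgs e) +108
</pre></body></html>"""

# A 200 response in which the control wrote ex.ToString() into its own error label.
INLINE_TRACE_BODY = """<div class="ErrorLabel">System.FormatException: Input string was not in a correct format.
   at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
   at MyCompany.Web.ContactForm.OnSubmit(Object sender, EventArgs e)</div>"""

# The generic message a fixed control should show.
CLEAN_BODY = """<div class="ErrorLabel">The form could not be submitted. Please try again later.</div>"""

SAMPLE_RESPONSES = [
    ("203.0.113.10", YSOD_BODY),
    ("203.0.113.10", INLINE_TRACE_BODY),
    ("203.0.113.10", YSOD_BODY),
    ("198.51.100.7", CLEAN_BODY),
    ("198.51.100.7", INLINE_TRACE_BODY),
]

if __name__ == "__main__":
    for ip, body in SAMPLE_RESPONSES:
        print(ip, find_leaks(body) or "clean")
    print("clients over threshold:", noisy_clients(SAMPLE_RESPONSES))
```

For verification, feed `find_leaks` the body returned after submitting invalid data to a form both before and after the hotfix: any non-empty result means the control is still leaking. The frame-line patterns are the most useful ones in practice, because they also catch a control that writes the exception text into an otherwise normal 200 response, where none of the error-page headings appear.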