CVE-2022-1030

Summary

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system.

Affected Software

VendorProductVersion RangeStatus
OktaAdvanced Server Access ClientPrior to version 1.58.0affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References