CVE-2022-31122 Wire is an encrypted communication and collaboration platform. Versions before 2022-07-12 are subject to Token Recipient Confusion

Users of on-premise installations of wire-server can enable SAML SSO for a team by manually editing values.yaml in `/usr/local/bin/wire-server` and setting teamEnabled to true in the override. To update wire-server on-premise, run the following commands: 1. Update the wire-server Docker image: $ docker pull wire-server/wire-server 2. Clone the updated wire-server Docker image: $ docker pull wire-server/wire-server 3. Run the updated wire-server: $ docker run -it --rm --network host wire-server 4. Copy the updated values.yaml from /usr/local/bin/wire-server to /usr/local/bin/wire-server.old and make sure to keep a backup. 5. Run the following command to update the wire-server Docker image: $ docker pull wire-server/wire-server 6. Run the following command to update the wire-server Docker image: $ docker commit -m "Upgrade wire-server to vVERSION> " wire-server wire-server/wire-server 7. Run the following command to update the wire-server Docker image: $ docker push wire-server/wire-server

CVE-2021-4141

Wire-server v1.15.0 was released on October 17, 2018. There is a vulnerability in the wire-server Docker image that allows an attacker to execute a malicious payload. This can be exploited by creating a new wire-server container from the wire-server Docker image and running the malicious payload by specifying it's host name or IP address in the volume mount config for that file.

In the event an attacker successfully exploits this vulnerability, they would be able to run arbitrary code with root privileges. This update addresses this issue by removing the hostname/ip entry from volume mount config file where

STEP 2: Install Wire Pro SDK

And Configure Wire Server

Install wire-server on your local machine

First, install wire-server on your local machine. The Docker image is available on docker hub and can be pulled with the following command: $ docker pull wire-server/wire-server

SAML SSO and Wire-Server

SAML SSO is used to provide a single sign-on (SSO) capability for applications running on an on-premise installation of wire-server. SAML SSO is particularly useful for applications that are not running in the cloud, such as legacy applications. The SAML SSO service can be enabled by manually editing values.yaml in `/usr/local/bin/wire-server` and setting teamEnabled to true in the override.
To update wire-server on-premise, run the following commands:
1. Update the wire-server Docker image: $ docker pull wire-server/wire-server 2. Clone the updated wire-server Docker image: $ docker pull wire-server/wire-server 3. Run the updated wire-Server: $ docker run -it --rm --network host wire-server 4. Copy the updated values.yaml from /usr/local/bin/wire-server to /usr/local/bin/wire-server.old and make sure to keep a backup. 5. Run the following command to update the wire-server Docker image: $ docker pull wire-server/wire-server 6. Run the following command to update the wire-Server Docker image: $ docker commit -m "Upgrade Wire Server To vVERSION> " -f wireserver wireserver/wireserver 7. Run the following command to update the Wire Server docker image: $ docker push wireserver

On-premise installation of wire-server

The on-premise installation of wire-server can be upgraded by manually editing values.yaml in `/usr/local/bin/wire-server` and setting teamEnabled to true in the override. To update wire-server on-premise, run the following commands: 1. Update the wire-server Docker image: $ docker pull wire-server/wire-server 2. Clone the updated wire-server Docker image: $ docker pull wire-server/wire-server 3. Run the updated wire-Server: $ docker run -it --rm --network host wire-server 4. Copy the updated values.yaml from /usr/local/bin/wire-server to /usr/local/bin/wire-server.old and make sure to keep a backup. 5. Run the following command to update the wire-Server Docker image: $ docker pull wire-server/wire-server 6. Run the following command to update the wire-Server Docker image: $ docker commit -m "Upgrade wire server to vVERSION> " --change="teamEnabled=true" -i wireserver wireserver/wireserver 7. Run the following command to update the wire Server Docker image: $ docker push wireserver

Timeline

Published on: 10/18/2022 10:15:00 UTC
Last modified on: 10/20/2022 15:38:00 UTC

References

• https://github.com/wireapp/wire-server/security/advisories/GHSA-gq27-gmgq-fmxw
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31122