CVE-2023-49964

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mbadanoiu/CVE-2023-49964	Third Party Advisory
https://www.alfresco.com/products/community/download	Product
https://github.com/mbadanoiu/CVE-2023-49964	Third Party Advisory
https://www.alfresco.com/products/community/download	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:community:*:*:*

History

21 Nov 2024, 08:34

Type	Values Removed	Values Added
References	~~() https://github.com/mbadanoiu/CVE-2023-49964 - Third Party Advisory~~	() https://github.com/mbadanoiu/CVE-2023-49964 - Third Party Advisory
References	~~() https://www.alfresco.com/products/community/download - Product~~	() https://www.alfresco.com/products/community/download - Product

14 Dec 2023, 14:36

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-11 08:15

Updated : 2024-11-21 08:34

NVD link : CVE-2023-49964

Mitre link : CVE-2023-49964

CVE.ORG link : CVE-2023-49964

JSON object : View

Products Affected

hyland

alfresco_content_services

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2023-49964", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-12-11T08:15:06.603", "references": [{"url": "https://github.com/mbadanoiu/CVE-2023-49964", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.alfresco.com/products/community/download", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/mbadanoiu/CVE-2023-49964", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.alfresco.com/products/community/download", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Hyland Alfresco Community Edition hasta 7.2.0. Al insertar contenido malicioso en el archivo folder.get.html.ftl, un atacante puede realizar ataques SSTI (inyecci\u00f3n de plantilla del lado del servidor), que pueden aprovechar los objetos expuestos de FreeMarker para evitar las restricciones y lograr RCE (ejecuci\u00f3n remota de c\u00f3digo). NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2020-12873."}], "lastModified": "2024-11-21T08:34:06.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B41FBE-7025-4B99-A7BD-746F95F022DA", "versionEndIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}