Vulnerabilities > CVE-2020-7799 - Expression Language Injection vulnerability in Fusionauth
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/156102/fusionauth110-exec.txt |
id | PACKETSTORM:156102 |
last seen | 2020-01-28 |
published | 2020-01-27 |
reporter | Gianluca Baldi |
source | https://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html |
title | FusionAuth 1.10 Remote Command Execution |
References
- http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html
- https://fusionauth.io/docs/v1/tech/release-notes
- https://fusionauth.io/docs/v1/tech/release-notes
- https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt
- https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt
- https://seclists.org/bugtraq/2020/Jan/39
- https://seclists.org/bugtraq/2020/Jan/39