CVE-2023-38286

Published: 2023-07-14 05:15:09
CWE: CWE-77
Source: mitre (web.nvd.nist.gov)
Tags: thymeleaf, spring-boot-admin, ssti, server side template injection, code execution, mailnotifier, environment variables, ui

CVSS3: 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

EPSS: 0.001 (percentile 36.8%)

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.
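The description names three preconditions that must hold together for the SSTI path: an affected Thymeleaf or Spring Boot Admin version, MailNotifier enabled, and writable environment variables. The following triage script is an added example, not code from Thymeleaf, Spring Boot Admin or this entry; it checks those preconditions against a Spring Boot Admin server's `application.properties` and its dependency versions. The sample properties are constructed, the fixed versions are assumed to be the first releases after the "through" ranges stated above (3.1.2 for both components), and the notifier check is properties-only: Spring Boot Admin auto-configures MailNotifier when a `JavaMailSender` is on the classpath, which a config file cannot show, so configured recipients are treated as "enabled" unless `spring.boot.admin.notify.mail.enabled=false` is set. `management.endpoint.env.post.enabled` is the Spring Boot flag that makes `POST /actuator/env` accept writes; feed the script the properties of whichever application's environment the UI can edit.

```python
"""Configuration triage for CVE-2023-38286 (Thymeleaf sandbox bypass reachable
through Spring Boot Admin's MailNotifier).

Added example, not code from Thymeleaf or Spring Boot Admin. Assumptions:
  * fixed versions are 3.1.2 for both components (first release after the
    "through 3.1.1" ranges in the advisory text);
  * MailNotifier is considered enabled when recipients are configured and it is
    not explicitly disabled (classpath presence of JavaMailSender is unknowable
    from properties alone);
  * the sample properties below are constructed, not taken from a real host.
"""
import re

# Highest affected version per component, from the advisory's "through" ranges.
AFFECTED_THROUGH = {"thymeleaf": "3.1.1", "spring-boot-admin": "3.1.1"}


def version_tuple(v: str) -> tuple:
    """'3.1.1.RELEASE' -> (3, 1, 1); numeric prefix only, qualifiers ignored."""
    parts = []
    for p in v.split("."):
        if p.isdigit():
            parts.append(int(p))
        else:
            break
    return tuple(parts)


def is_affected(component: str, version: str) -> bool:
    """True when version <= the highest affected version for the component."""
    return version_tuple(version) <= version_tuple(AFFECTED_THROUGH[component])


def parse_properties(text: str) -> dict:
    """Minimal .properties reader: key=value or key: value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def mail_notifier_enabled(props: dict) -> bool:
    """Properties-based approximation of MailNotifier being active (assumption:
    recipients configured and not explicitly disabled)."""
    if props.get("spring.boot.admin.notify.mail.enabled", "true").lower() == "false":
        return False
    return bool(props.get("spring.boot.admin.notify.mail.to"))


def env_writable_over_http(props: dict) -> bool:
    """Spring Boot accepts POST /actuator/env only when this flag is true."""
    return props.get("management.endpoint.env.post.enabled", "false").lower() == "true"


def triage(props_text: str, versions: dict) -> dict:
    """Return individual findings plus whether all three preconditions hold."""
    props = parse_properties(props_text)
    findings = []
    for comp, ver in versions.items():
        if comp in AFFECTED_THROUGH and is_affected(comp, ver):
            findings.append(
                f"{comp} {ver} is within the affected range (through {AFFECTED_THROUGH[comp]})"
            )
    versions_affected = bool(findings)
    mail = mail_notifier_enabled(props)
    env = env_writable_over_http(props)
    if mail:
        findings.append("MailNotifier appears enabled (recipients configured)")
    if env:
        findings.append("environment is writable via POST /actuator/env")
    return {"findings": findings, "ssti_path_open": versions_affected and mail and env}


# Constructed sample: every precondition from the advisory is present.
VULNERABLE_PROPS = """\
# constructed application.properties for a Spring Boot Admin server
spring.boot.admin.notify.mail.to=ops@example.invalid
spring.boot.admin.notify.mail.from=sba@example.invalid
management.endpoints.web.exposure.include=*
management.endpoint.env.post.enabled=true
"""

# Constructed sample: same versions, but the env endpoint is read-only.
HARDENED_PROPS = """\
spring.boot.admin.notify.mail.to=ops@example.invalid
management.endpoint.env.post.enabled=false
"""

if __name__ == "__main__":
    versions = {"thymeleaf": "3.1.1.RELEASE", "spring-boot-admin": "3.1.1"}
    for label, text in (("vulnerable", VULNERABLE_PROPS), ("hardened", HARDENED_PROPS)):
        result = triage(text, versions)
        print(f"[{label}] ssti_path_open={result['ssti_path_open']}")
        for f in result["findings"]:
            print("  -", f)
```

Closing any one of the three preconditions breaks the path, but only a version upgrade removes the sandbox bypass itself; disabling `management.endpoint.env.post.enabled` or the notifier only blocks this particular way of reaching it.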

Affected configurations (NVD)

Node:
  codecentric spring_boot_admin, range: 3.1.0
  OR
  thymeleaf thymeleaf, range: 3.1.1

Vendor | Product | Version | CPE
codecentric | spring_boot_admin | * | cpe:2.3:a:codecentric:spring_boot_admin:*:*:*:*:*:*:*:*
thymeleaf | thymeleaf | * | cpe:2.3:a:thymeleaf:thymeleaf:*:*:*:*:*:*:*:*
