CVE-2023-46245 Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

2023-10-3115:06:23

CWE-1336

GitHub_M

www.cve.org

cve-2023-46245

kimai

multi-user

time-tracking

ssti

rce

twig file

upload

pdf

html

security measures

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.1%

JSON

Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software’s PDF and HTML rendering functionalities. Version 2.1.0 enables security measures for custom Twig templates.

CNA Affected

[
  {
    "vendor": "kimai",
    "product": "kimai",
    "versions": [
      {
        "version": "< 2.1.0",
        "status": "affected"
      }
    ]
  }
]