Lucene search
GitHub Advisory DatabaseGHSA-6PGR-J9V4-XFVVHistoryOct 06, 2023 - 9:30 p.m.
ThingsBoard Server-Side Template Injection
2023-10-0621:30:49
CWE-74
GitHub Advisory Database
github.com
7
thingsboard
server-side
template injection
apache
freemarker
vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.0%
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint.
Affected configurations
Node
org.thingsboard\Matchthingsboard
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.thingsboard:thingsboard | lt | 3.5 |
Related
prion
prion
Sql injection
2023-10-06 19:15:00
cvelist
cvelist
CVE-2023-45303
2023-10-06 00:00:00
cve
cve
CVE-2023-45303
2023-10-06 19:15:13
osv
osv
ThingsBoard Server-Side Template Injection
2023-10-06 21:30:49
CVE-2023-45303
2023-10-06 19:15:13
nvd
nvd
CVE-2023-45303
2023-10-06 19:15:13
kitploit
kitploit
Cve-Collector - Simple Latest CVE Collector
2023-11-01 11:30:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.0%
Related for GHSA-6PGR-J9V4-XFVV