Remote Code Execution/Server Side Template Injection

2023-10-3109:50:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

remote code execution

server-side template injection

kimai software

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.1%

JSON

kimai/kimai is vulnerable to Remote Code Execution. The vulnerability is caused by Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). A malicious user can upload a specially crafted Twig file to execute arbitrary code when PDF and HTML rendering functionality is used to render the content.

CPENameOperatorVersion
kimai/kimaile2.1.0
kimai/kimaile2.1.0

CPE	Name	Operator	Version
	kimai/kimai	le	2.1.0
	kimai/kimai	le	2.1.0

References

github.com/kimai/kimai/commit/38e37f1c2e91e1acb221ec5c13f11b735bd50ae4

github.com/kimai/kimai/security/advisories/GHSA-fjhg-96cp-6fcw

github.com/kimai/kimai/security/advisories/GHSA-fjhg-96cp-6fcw#:~:text=process%20of%20reproducing%3A-,Proof%20of%20Concept,-import%20requests%0Aimport