Advisory ID: LVD-2022-002
CVSSv 3.1 Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CVSSv 3.1 Base Score: 8.4
Date Published: 2022-09-28
Last Updated: 2022-10-12
Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to gain code execution. Any user with the access to create a search template can use this vulnerability to execute code in the system as loginspect user.
Logpoint versions 7.1.0 and earlier.
Upgrade to Logpoint version 7.1.1.
Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)