Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Template injection in Search Template

Avatar Roshan Pokhrel
June 06, 2024 10:53
Follow

Advisory ID: LVD-2022-0002

CVSSv 3.1 Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C

CVSSv 3.1 Base Score: 8.4

Severity: High

CVE: CVE-2022-48684

CWE: CWE-1336, CWE-78

Date Published: 2022-09-28

Last Updated: 2022-10-12

Description

Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to gain code execution. Any user with the access to create a search template can use this vulnerability to execute code in the system as loginspect user.

Affected Product

Logpoint versions 7.1.0 and earlier.

Solution

Upgrade to Logpoint version 7.1.1.

Acknowledgments

Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)

Comments

Article is closed for comments.

Related articles

  • Privilege Escalation Through Cronjob
  • Logpoint Agent Collector
  • Creation of a new normalization request
  • PointSharp
  • Office365
Was this article helpful?
1 out of 1 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.