https://github.com/mbadanoiu/cve-2022-24442
CVE-2022-24442: FreeMarker Server-Side Template Injection in JetBrains YouTrack
0-day authenticated bypass cve cve-2021-25770 cve-2022-24442 cves remote-code-execution server-side-template-injection
- Host: GitHub
- URL: https://github.com/mbadanoiu/cve-2022-24442
- Owner: mbadanoiu
- Created: 2024-01-05T00:04:41.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-01-05T00:21:20.000Z (over 1 year ago)
- Last Synced: 2025-01-12T09:29:31.086Z (4 months ago)
- Topics: 0-day, authenticated, bypass, cve, cve-2021-25770, cve-2022-24442, cves, remote-code-execution, server-side-template-injection
- Size: 3.24 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2022-24442: FreeMarker Server-Side Template Injection in JetBrains YouTrack
By inserting malicious content in the Notification FTL files, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and obtain RCE (Remote Code Execution).
Note: This issue exists because of an incomplete fix for CVE-2021-25770.
### Vendor Disclosure:
The vendor's disclosure and fix for this vulnerability can be found [here](https://www.jetbrains.com/privacy-security/issues-fixed/).
### Requirements:
This vulnerability requires:
- Valid user credentials
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2022-24442/blob/main/YouTrack%20-%20CVE-2022-24442.pdf).
### Additional Resources:
[Awesome article](https://www.synacktiv.com/publications/exploiting-cve-2021-25770-a-server-side-template-injection-in-youtrack) by [Vincent Herbulot of Synacktiv](https://www.synacktiv.com/en/our-team/pentest) that inspired the finding of this vulnerability.
Initial vulnerability [CVE-2021-25770](https://nvd.nist.gov/vuln/detail/CVE-2021-25770) discovered by Vasily Vasilkov.