Vulnerability Details CVE-2020-7799
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.727
EPSS Ranking 98.7%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
Products affected by CVE-2020-7799
- cpe:2.3:a:fusionauth:fusionauth:1.0.13
- cpe:2.3:a:fusionauth:fusionauth:1.0.14
- cpe:2.3:a:fusionauth:fusionauth:1.0.15
- cpe:2.3:a:fusionauth:fusionauth:1.0.16
- cpe:2.3:a:fusionauth:fusionauth:1.0.17
- cpe:2.3:a:fusionauth:fusionauth:1.0.18
- cpe:2.3:a:fusionauth:fusionauth:1.1.0
- cpe:2.3:a:fusionauth:fusionauth:1.1.1
- cpe:2.3:a:fusionauth:fusionauth:1.10.0
- cpe:2.3:a:fusionauth:fusionauth:1.10.1
- cpe:2.3:a:fusionauth:fusionauth:1.2.0
- cpe:2.3:a:fusionauth:fusionauth:1.2.1
- cpe:2.3:a:fusionauth:fusionauth:1.2.2
- cpe:2.3:a:fusionauth:fusionauth:1.3.0
- cpe:2.3:a:fusionauth:fusionauth:1.3.1
- cpe:2.3:a:fusionauth:fusionauth:1.4.0
- cpe:2.3:a:fusionauth:fusionauth:1.5.0
- cpe:2.3:a:fusionauth:fusionauth:1.6.0
- cpe:2.3:a:fusionauth:fusionauth:1.6.1
- cpe:2.3:a:fusionauth:fusionauth:1.7.0
- cpe:2.3:a:fusionauth:fusionauth:1.7.1
- cpe:2.3:a:fusionauth:fusionauth:1.7.2
- cpe:2.3:a:fusionauth:fusionauth:1.7.3
- cpe:2.3:a:fusionauth:fusionauth:1.7.4
- cpe:2.3:a:fusionauth:fusionauth:1.9.0
- cpe:2.3:a:fusionauth:fusionauth:1.9.1
- cpe:2.3:a:fusionauth:fusionauth:1.9.2