CVE-2020-13445 - OpenCVE

In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Liferay	Liferay Portal

Configuration 1 [-]

OR	cpe:2.3:a:liferay:liferay_portal:7.1:ga1:::community:::*
	cpe:2.3:a:liferay:liferay_portal:7.1:ga2:::community:::*
	cpe:2.3:a:liferay:liferay_portal:7.1:ga3:::community:::*
	cpe:2.3:a:liferay:liferay_portal:7.1.1:ga2:::community:::*
	cpe:2.3:a:liferay:liferay_portal:7.2:ga1:::community:::*
	cpe:2.3:a:liferay:liferay_portal:7.3:ga1:::community:::*
	cpe:2.3:a:liferay:liferay_portal:7.3:ga2:::community:::*

No data.

References

Link	Providers
https://issues.liferay.com/browse/LPE-17023
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411
https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-10T18:09:38

Updated: 2024-08-04T12:18:18.284Z

Reserved: 2020-05-25T00:00:00

Link: CVE-2020-13445

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-10T19:15:09.943

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-13445

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-22T01:12:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.liferay.com/browse/LPE-17023"}, {"tags": ["x_refsource_MISC"], "url": "https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13445", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411", "refsource": "CONFIRM", "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411"}, {"name": "https://issues.liferay.com/browse/LPE-17023", "refsource": "MISC", "url": "https://issues.liferay.com/browse/LPE-17023"}, {"name": "https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce", "refsource": "MISC", "url": "https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:18:18.284Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.liferay.com/browse/LPE-17023"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13445", "datePublished": "2020-06-10T18:09:38", "dateReserved": "2020-05-25T00:00:00", "dateUpdated": "2024-08-04T12:18:18.284Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:liferay_portal:7.1:ga1:*:*:community:*:*:*", "matchCriteriaId": "AB4DACB5-6018-484E-B4D4-83A6070EB11E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:7.1:ga2:*:*:community:*:*:*", "matchCriteriaId": "5309DDFD-9B58-437A-9ADF-D0A3F7B5328F", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:7.1:ga3:*:*:community:*:*:*", "matchCriteriaId": "323159D4-B013-4F7F-951B-A9EEA14B67FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:7.1.1:ga2:*:*:community:*:*:*", "matchCriteriaId": "040B88A2-3AB5-48F4-AEDD-A4579A172C36", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:7.2:ga1:*:*:community:*:*:*", "matchCriteriaId": "EE4E1281-8507-42CB-9330-7D4B23247164", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:7.3:ga1:*:*:community:*:*:*", "matchCriteriaId": "3CBB1548-87A9-433E-A9B1-E83ACD627DD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:7.3:ga2:*:*:community:*:*:*", "matchCriteriaId": "BD811C1C-7736-4AED-A637-9A5DEF2E895B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates."}, {"lang": "es", "value": "En Liferay Portal versiones anteriores a 7.3.2 y Liferay DXP versiones 7.0 anteriores a fixpack 92, versiones 7.1 anteriores a fixpack 18 y versiones 7.2 anteriores a fixpack 6, la API de plantilla no restringe el acceso del usuario a objetos confidenciales, lo que permite a usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de plantillas FreeMarker y Velocity dise\u00f1adas"}], "id": "CVE-2020-13445", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-10T19:15:09.943", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://issues.liferay.com/browse/LPE-17023"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}