An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user.
Metrics
Affected Vendors & Products
References
History
Fri, 25 Oct 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-1336 |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-04-27T00:00:00
Updated: 2024-10-25T19:30:09.579Z
Reserved: 2024-04-27T00:00:00
Link: CVE-2022-48684
Vulnrichment
Updated: 2024-08-03T15:17:55.753Z
NVD
Status : Awaiting Analysis
Published: 2024-04-27T23:15:06.110
Modified: 2024-11-21T07:33:46.047
Link: CVE-2022-48684
Redhat
No data.