Skip to content

Thymeleaf, as used in Spring Boot Admin, allows sandbox bypass via crafted HTML

High severity GitHub Reviewed Published Jul 14, 2023 to the GitHub Advisory Database • Updated Nov 10, 2023

Package

maven de.codecentric:spring-boot-admin-server (Maven)

Affected versions

< 3.1.2

Patched versions

3.1.2

Description

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Spring Boot Admin 3.1.2 contains a patch for this issue.

References

Published by the National Vulnerability Database Jul 14, 2023
Published to the GitHub Advisory Database Jul 14, 2023
Reviewed Jul 14, 2023
Last updated Nov 10, 2023

Severity

High
7.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
High
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CVE ID

CVE-2023-38286

GHSA ID

GHSA-7gj7-224w-vpr3

Source code

Credits

Checking history
See something to contribute? Suggest improvements for this vulnerability.