CVE-2024-32651
Server Side Template Injection in Jinja2 allows Remote Command Execution
In short
changedetection.io has a critical vulnerability where attackers can inject malicious code into Jinja2 templates, allowing them to run any command on the server. This means someone could take complete control of the entire system without needing a password.
Technical detail
A Server Side Template Injection (SSTI) in Jinja2 template processing enables unauthenticated remote code execution (RCE) on the host system. Attackers exploit unsanitized user input reflected in template rendering contexts to break out of the template sandbox and execute arbitrary system commands with server privileges, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely take over the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
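The root cause described above is a general pattern, not specific to one application: user-controlled text is compiled as Jinja2 template source instead of being passed to a fixed template as data. The following is an added example (not code from this advisory or from the changedetection.io project) that puts the vulnerable pattern beside the hardened one and adds a small detection helper for flagging template delimiters in fields that should hold plain text. It assumes Jinja2 is installed; the input string is constructed for the demonstration.

```python
import re
from jinja2 import Environment

# Constructed sample: an attacker-controlled string containing template syntax.
# Compiled as a template it evaluates to "49"; treated as data it stays literal text.
USER_INPUT = "{{ 7 * 7 }}"

# Jinja2 expression, statement and comment delimiters. Their presence in a
# field that should hold plain text (a watch title, a notification body) is
# worth logging and alerting on.
TEMPLATE_SYNTAX = re.compile(r"\{\{|\{%|\{#")


def contains_template_syntax(value: str) -> bool:
    """True if the string carries Jinja2 template delimiters."""
    return TEMPLATE_SYNTAX.search(value) is not None


def render_unsafe(user_input: str) -> str:
    """Vulnerable pattern: user input becomes the template *source*.

    Every expression inside it is evaluated by the engine with the
    privileges of the server process, which is the SSTI root cause.
    """
    return Environment().from_string(user_input).render()


def render_safe(user_input: str) -> str:
    """Hardened pattern: the template text is fixed by the developer and the
    user value is only ever passed in as a *variable*, so it is never parsed
    as template syntax. Autoescape also neutralises HTML in the value.
    """
    env = Environment(autoescape=True)
    template = env.from_string("Watch title: {{ title }}")
    return template.render(title=user_input)


if __name__ == "__main__":
    print("flagged:", contains_template_syntax(USER_INPUT))
    print("unsafe :", render_unsafe(USER_INPUT))
    print("safe   :", render_safe(USER_INPUT))
```

The fix is architectural rather than a filter: never hand user input to `from_string()` (or `Template()`); keep template text under developer control and supply untrusted values through the render context. Where user-authored templates are a product requirement, `jinja2.sandbox.SandboxedEnvironment` restricts attribute and method access as defence in depth, but it does not change the need to keep untrusted input out of the template source wherever possible.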
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
dgtlmoon · changedetection.io
Public PoCs found: 2
GitHub: github.com/s0ck3t-s3c/CVE-2024-32651-changedetection-RCE (★ 4)
GitHub: github.com/zcrosman/cve-2024-32651 (★ 1)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://blog.hacktivesecurity.com/index.php/2024/05/08/cve-2024-32651-server-side-template-injection-changedetection-io/
https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21
https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2