| Title | Apereo CAS v5.2.6 Remote Arbitrary Code Execution |
|---|
| Description | 1. Vulnerability name:
Apereo CAS v5.2.6 Groovy Remote Arbitrary Code Execution Vulnerability
2. Vulnerability discoverers and contributors: 蔡超雄 (caichaoxiong)
3. Vulnerability level: High
4. Impact: v5.2.6
5. Vulnerability location: saveService interface of Apereo cas-management.
6. Vulnerability description:
A service definition that executes arbitrary Groovy code can be saved through the saveService interface of cas-management, resulting in remote arbitrary code execution.
7. Vulnerability discovery process:
Vulnerability exploitation conditions:
(1) cas-server has enabled the extended support for dynamic registration of services (dynamic registration of services is not enabled by default);
(2) The cas-management management backend must be deployed, and the attacker needs an account and password for it with the authority to access the saveService interface;
(3) The application.properties configuration must be modified to enable the status endpoints, and the attacker needs permission to access the CAS Dashboard of cas-server (by default the CAS Dashboard only allows access from 127.0.0.1). |
|---|
| Source | https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij |
|---|
| User | caichaoxiong (UID 84060) |
|---|
| Submission | 04/12/2025 15:49 |
|---|
| Moderation | 04/26/2025 10:07 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 306320 [Apereo CAS 5.2.6 Groovy Code RegisteredServiceSimpleFormController.java saveService code injection] |
|---|
| Points | 17 |
|---|
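Every exploitation condition in the description comes down to one outcome: a service definition that carries Groovy ends up persisted in the service registry that cas-server reads. A defender who cannot immediately patch can at least audit the registry for such definitions. The following scanner is an added example, not code from the Apereo CAS project or from this submission. It assumes the CAS 5.x JSON service-registry layout (each service is a JSON object whose nested policy objects carry an `@class` field) and that Groovy-backed policies show up as class names containing `Groovy` (for example `GroovyRegisteredServiceAccessStrategy`), as `groovyScript` values pointing at a `.groovy` file, or as inline `groovy { ... }` attribute expressions; those markers and the two sample definitions are assumptions and constructed samples, not taken from the advisory.

```python
"""Scan Apereo CAS JSON service definitions for Groovy execution hooks.

Added example; not code from the Apereo CAS project or from the VulDB
submission. Assumes the CAS 5.x JSON service-registry layout: each service is
a JSON object whose nested policy objects carry an "@class" field. The markers
below (class names containing "Groovy", values referencing a .groovy script,
inline "groovy { ... }" expressions) are assumptions about how Groovy-backed
policies appear in such definitions.
"""
from __future__ import annotations

import json
import re
import sys
from pathlib import Path
from typing import Any, Iterator

GROOVY_CLASS_RE = re.compile(r"groovy", re.IGNORECASE)            # e.g. ...GroovyRegisteredServiceAccessStrategy
INLINE_GROOVY_RE = re.compile(r"^\s*groovy\s*\{", re.IGNORECASE)  # "groovy { ... }" attribute expression
SCRIPT_REF_RE = re.compile(r"\.groovy\b", re.IGNORECASE)          # file:/... or classpath:/... .groovy


def _walk(node: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    """Yield (json_path, leaf_value) for every leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, value in enumerate(node):
            yield from _walk(value, f"{path}[{idx}]")
    else:
        yield path, node


def find_groovy_hooks(service: dict) -> list[dict]:
    """Return one finding per location in a service definition that can run Groovy."""
    findings: list[dict] = []
    for path, value in _walk(service):
        if not isinstance(value, str):
            continue
        if path.endswith("@class") and GROOVY_CLASS_RE.search(value):
            kind = "groovy-class"
        elif INLINE_GROOVY_RE.search(value):
            kind = "inline-groovy"
        elif SCRIPT_REF_RE.search(value):
            kind = "groovy-script-ref"
        else:
            continue
        findings.append({"path": path, "kind": kind, "value": value})
    return findings


def scan_documents(documents: dict[str, str]) -> dict[str, list[dict]]:
    """Scan raw JSON texts keyed by file name; report files with findings or parse errors."""
    report: dict[str, list[dict]] = {}
    for name, text in documents.items():
        try:
            service = json.loads(text)
        except json.JSONDecodeError as exc:
            # A definition the server cannot parse still deserves a manual look.
            report[name] = [{"path": "$", "kind": "parse-error", "value": str(exc)}]
            continue
        hooks = find_groovy_hooks(service) if isinstance(service, dict) else []
        if hooks:
            report[name] = hooks
    return report


def scan_registry(directory: Path) -> dict[str, list[dict]]:
    """Scan every *.json file in a JSON service-registry directory."""
    files = sorted(directory.glob("*.json"))
    return scan_documents({f.name: f.read_text(encoding="utf-8") for f in files})


# Constructed sample definitions (not taken from any real deployment).
BENIGN_SERVICE = {
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "^https://app\\.example\\.org/.*",
    "name": "Example App",
    "id": 1000,
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes": ["java.util.ArrayList", ["uid", "mail"]],
    },
}
SUSPICIOUS_SERVICE = {
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "^https://injected\\.example\\.org/.*",
    "name": "Injected",
    "id": 1001,
    "accessStrategy": {  # assumed class/property names for a Groovy access strategy
        "@class": "org.apereo.cas.services.GroovyRegisteredServiceAccessStrategy",
        "groovyScript": "file:/tmp/access.groovy",
    },
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
        "allowedAttributes": ["java.util.TreeMap", {"uid": "groovy { return attributes['uid'] }"}],
    },
}
SAMPLE_DOCUMENTS = {
    "1000-example.json": json.dumps(BENIGN_SERVICE),
    "1001-injected.json": json.dumps(SUSPICIOUS_SERVICE),
    "1002-broken.json": '{"@class": "org.apereo.cas.services.RegexRegisteredService",',
}

if __name__ == "__main__":
    # Usage: python scan_services.py /etc/cas/services   (no argument: scan the samples)
    report = scan_registry(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_documents(SAMPLE_DOCUMENTS)
    for name, hooks in report.items():
        for hook in hooks:
            print(f"{name}: {hook['kind']} at {hook['path']}: {hook['value']}")
```

Run it against the directory that holds the JSON service registry (the `/etc/cas/services` path in the usage comment is an assumption; use whatever location the deployment configures). Any hit on a registry that is not supposed to contain Groovy-backed policies is worth correlating with cas-management's saveService activity, since that interface is the write path the submission identifies.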