| Field | Value |
|---|---|
| Title | Apereo CAS v5.2.6 Remote Arbitrary Code Execution |
| Description | 1. Vulnerability name: Apereo CAS v5.2.6 Groovy Remote Arbitrary Code Execution Vulnerability<br>2. Vulnerability discoverers and contributors: 蔡超雄 (caichaoxiong)<br>3. Vulnerability level: High<br>4. Impact: v5.2.6<br>5. Vulnerability location: saveService interface of Apereo cas-management<br>6. Vulnerability description: A service registered through the saveService interface of cas-management can contain arbitrary Groovy code, which is then executed, resulting in remote arbitrary code execution.<br>7. Vulnerability discovery process. Exploitation conditions:<br>(1) cas-server has enabled the extended support for dynamic registration of services (dynamic registration of services is not enabled by default);<br>(2) the cas-management backend must be deployed, and the attacker must hold an account and password for it with the authority to access the saveService interface;<br>(3) the application.properties configuration must be modified to enable status, and the attacker must have permission to access the CAS Dashboard of cas-server (by default the CAS Dashboard only allows access from 127.0.0.1). |
| Source | https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij |
| User | caichaoxiong (UID 84060) |
| Submitted | 2025-04-12 15:49 (1 year ago) |
| Moderated | 2025-04-26 10:07 (14 days later) |
| Status | Accepted |
| VulDB entry | 306320 [Apereo CAS 5.2.6 Groovy Code RegisteredServiceSimpleFormController.java saveService privilege escalation] |
| Points | 17 |