CVE-2024-41667

HIGH NUCLEI

OpenAM < 15.0.4 - Template Injection via CustomLoginUrlTemplate

Title source: llm

Exploitation Summary

CVE-2024-41667 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default OpenAM login, they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4.

Nuclei Templates (1)

OpenAM<=15.0.3 FreeMarker - Template Injection

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v

Patch x_refsource_misc

https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8

View Patch ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0357

EPSS Percentile 87.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (2)

OpenIdentityPlatform/OpenAM < 15.0.4

org.openidentityplatform.openam/openam-oauth2 0 - 15.0.4Maven

Published Jul 24, 2024

Tracked Since Feb 18, 2026