PT-2023-28906 · Cachet+1 · Cachet+1

Rive-N · Published 2023-10-11 · Updated 2023-10-19 · CVE-2023-43661

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Cachet versions prior to 2.4

Description

Cachet's template functionality lets users create templates. Because of insufficient input filtering and an outdated Twig version, this can lead to the execution of arbitrary code on the server. The issue can be exploited through the /api/v1/incidents API endpoint, where an attacker can control the template input passed to the CreateIncidentCommandHandler.php handler. An attacker who controls this data may be able to trigger a server-side template injection vulnerability, leading to remote code execution. The vulnerability lies in Cachet processing this data without filtering, not in the Twig library itself.

Recommendations

Update to Cachet version 2.4 or later to patch this issue. As a temporary workaround, consider filtering user-controlled data against a safe pattern to minimize the risk of exploitation. Restrict access to the /api/v1/incidents API endpoint for non-admin users to prevent triggering this vulnerability. Use Twig's sandbox mode to limit the potential damage from template injection attacks.
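
The sandbox recommendation above, as an added example that is not Cachet's own code: a user-supplied template is rendered under an allowlist policy, and anything outside the policy is rejected. It assumes the Twig 3.x namespaced classes installed via Composer; the helper name `renderUntrusted`, the allowlist contents and the sample templates are constructed for illustration.

```php
<?php
// Added example, not Cachet code. Assumes Twig 3.x: composer require twig/twig
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Error\Error;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityPolicy;

// Hypothetical helper: render a user-supplied template under a strict allowlist.
function renderUntrusted(string $template, array $vars): ?string
{
    // Everything not listed here is refused by the sandbox.
    $policy = new SecurityPolicy(
        ['if'],      // tags
        ['escape'],  // filters
        [],          // object methods: none
        [],          // object properties: none
        []           // functions: none
    );

    $twig = new Environment(new ArrayLoader());
    // Second argument true = sandbox every template this environment renders.
    $twig->addExtension(new SandboxExtension($policy, true));

    try {
        return $twig->createTemplate($template)->render($vars);
    } catch (Error $e) {
        // SecurityError (policy violation) and SyntaxError both extend Twig\Error\Error.
        error_log('template rejected: ' . get_class($e));
        return null;
    }
}

// Constructed sample inputs; only scalar values are passed to the template.
$vars = ['name' => 'Database outage'];
$samples = [
    'allowed'           => '{% if name %}Incident: {{ name }}{% endif %}',
    'filter not listed' => '{{ name|upper }}',
    'tag not listed'    => '{% set x = name %}{{ x }}',
];
foreach ($samples as $label => $tpl) {
    $out = renderUntrusted($tpl, $vars);
    echo $label, ' => ', $out === null ? 'REJECTED' : $out, PHP_EOL;
}
```

The sandbox narrows what a template can reach; it complements, rather than replaces, upgrading Cachet and restricting access to the endpoint.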

Exploit

Fix

Special Elements Injection

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2023-43661
GHSA-HV79-P62R-WG3P

Affected Products

Cachet
Twig