PT-2024-5297 · Openiam · Openam

Aftersnows · Published 2024-07-24 · Updated 2024-08-06 · CVE-2024-41667

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenAM versions 15.0.3 and prior
Description: The issue lies in the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java, which is vulnerable to template injection because it builds a FreeMarker template from user input. This vulnerability allows an attacker to execute arbitrary code remotely. The developer intended to let a custom URL be configured for handling login, but did not restrict the CustomLoginUrlTemplate, so it can be set freely. A fix is expected in version 15.0.4, which introduces TemplateClassResolver.SAFER_RESOLVER to disable the resolution of the classes commonly abused in FreeMarker template injection.
Recommendations: For OpenAM versions 15.0.3 and prior, update to version 15.0.4 or later, which is expected to include the fix for this issue. As a temporary workaround, restrict the CustomLoginUrlTemplate so that it cannot be set freely. Additionally, disabling the getCustomLoginUrlTemplate method until a patch is available can help minimize the risk of exploitation.
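The two halves of the advisory (a user-settable string compiled as a FreeMarker template, and the SAFER_RESOLVER mitigation) are illustrated below in an added example. This is not OpenAM code and not the 15.0.4 patch; it assumes only that FreeMarker 2.3.x is on the classpath. The class name, method names, model keys and the sample URLs are illustrative, and the input strings are constructed for the demonstration.

```java
// Added example (not OpenAM's code): the template-injection anti-pattern
// beside a hardened rendering path. Assumes FreeMarker 2.3.x on the
// classpath; all names below are illustrative.
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

public class LoginUrlTemplateDemo {

    // ANTI-PATTERN: the caller-controlled string *is* the template, so any
    // FreeMarker directive or built-in it contains runs with the application's
    // privileges. This is the shape of the flaw the advisory describes
    // (CustomLoginUrlTemplate settable freely). UNRESTRICTED_RESOLVER is
    // FreeMarker's default, spelled out here so the contrast is visible.
    static String renderUntrustedTemplate(String userControlledTemplate)
            throws IOException, TemplateException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.UNRESTRICTED_RESOLVER);
        Template t = new Template("customLoginUrl",
                new StringReader(userControlledTemplate), cfg);
        StringWriter out = new StringWriter();
        t.process(new HashMap<String, Object>(), out);
        return out.toString();
    }

    // HARDENED, two independent layers:
    //  1. The template text is fixed and owned by the application; user input
    //     enters only as a data-model value, where it is escaped and never
    //     parsed as FreeMarker syntax.
    //  2. Defence in depth: SAFER_RESOLVER (the mitigation the advisory says
    //     15.0.4 introduces) refuses to resolve the classes commonly abused via
    //     the ?new built-in, and the ?api built-in stays disabled.
    static String renderFixedTemplate(String userSuppliedGotoUrl, String realm)
            throws IOException, TemplateException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
        cfg.setAPIBuiltinEnabled(false);      // the default, stated explicitly
        cfg.setURLEscapingCharset("UTF-8");   // required for the ?url built-in

        // Fixed, developer-owned template (illustrative).
        String fixedTemplate =
                "${baseUrl}?realm=${realm?url}&goto=${gotoUrl?url}";
        Template t = new Template("loginUrl", new StringReader(fixedTemplate), cfg);

        Map<String, Object> model = new HashMap<>();
        model.put("baseUrl", "https://sso.example.test/login"); // placeholder host
        model.put("realm", realm);
        model.put("gotoUrl", userSuppliedGotoUrl); // data, never template source

        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: harmless FreeMarker syntax, used only to show
        // whether the renderer treats it as code or as data.
        String templateShaped = "${'looks like'} <#if true>a directive</#if>";

        // Hardened path: the string is URL-encoded verbatim into the goto
        // parameter; none of it is interpreted.
        System.out.println(renderFixedTemplate(templateShaped, "alpha"));

        // Anti-pattern: the same string is evaluated and prints
        // "looks like a directive", proving the caller controls the template.
        System.out.println(renderUntrustedTemplate(templateShaped));
    }
}
```

The first layer (input as data, not as template source) is what actually removes the bug; SAFER_RESOLVER alone only narrows what an injected template can reach, which is why the advisory lists restricting CustomLoginUrlTemplate as the interim workaround rather than relying on the resolver.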

Exploit

Fix

Weakness Enumeration

Code Injection

Related Identifiers

BDU:2024-05922
CVE-2024-41667
GHSA-7726-43HG-M23V

Affected Products

Openam