CVE-2024-46507 Scanner - Server Side Template Injection (SSTI) vulnerability in Yeti Platform
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 1 hour
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Yeti Platform is primarily utilized by security researchers and threat intelligence teams. It aids in the analysis and tracking of cyber threats and indicators of compromise. Organizations leverage the platform for its comprehensive data correlation and visualization capabilities. Yeti Platform's intuitive user interface makes it accessible for both seasoned analysts and novices alike. Its wide range of integrations allows ease of connectivity with other security tools.
Server Side Template Injection (SSTI) vulnerabilities occur when an application incorrectly handles user input for server-side templates. This specific SSTI vulnerability in Yeti Platform can be exploited by malicious actors with valid credentials. They can inject malicious template expressions into the server, which are then executed. This can potentially allow for arbitrary command execution on the host server. As a result, it poses a critical security risk.
This vulnerability exists because the application's templating engine fails to sanitize its inputs. Attackers can craft special payloads and inject them via HTTP POST requests to the /api/v2/templates/ endpoint. The server evaluates template expressions without proper input validation, so injected expressions execute within the server's context. The privileges an attacker gains depend on the user context the server process runs under.
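A defender-side audit for the behaviour described above, as an added example that is not part of the original page or the Yeti project's code: it scans API request records for POSTs to /api/v2/templates/ whose template body contains expressions that reach underscore-prefixed attributes. The JSON log schema, the sample records and the Jinja2-style delimiters are assumptions; the page names only the endpoint.

```python
import json
import re

TEMPLATE_API = "/api/v2/templates/"  # endpoint named on the page
# Assumption: Jinja2-style delimiters; the page does not name the engine.
EXPR = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}", re.S)
# Underscore-prefixed attribute/key access is how a template expression reaches
# interpreter internals; an ordinary report template has no need for it.
PRIVATE_ACCESS = re.compile(r"""(\.|\[\s*['"]|attr\s*\(\s*['"])_""")


def suspicious_expressions(template_body):
    """Return the template expressions that touch underscore-prefixed names."""
    hits = []
    for match in EXPR.finditer(template_body):
        inner = (match.group(1) or match.group(2) or "").strip()
        if PRIVATE_ACCESS.search(inner):
            hits.append(inner)
    return hits


def audit_template_writes(log_lines):
    """Flag POSTs to the template API whose body contains risky expressions."""
    findings = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the audit
        if not isinstance(rec, dict) or rec.get("method") != "POST":
            continue
        if not str(rec.get("path", "")).startswith(TEMPLATE_API):
            continue
        hits = suspicious_expressions(str(rec.get("body", "")))
        if hits:
            findings.append({"ts": rec.get("ts"), "user": rec.get("user"), "expressions": hits})
    return findings


# Constructed sample records (hypothetical log schema, not Yeti's own format).
SAMPLE_LOG = [
    '{"ts": "2024-10-01T09:00:00Z", "user": "analyst1", "method": "POST", "path": "/api/v2/templates/", "body": "IOC report for {{ observable.value }}"}',
    '{"ts": "2024-10-01T09:05:00Z", "user": "analyst2", "method": "POST", "path": "/api/v2/templates/", "body": "{{ observable.__class__ }}"}',
    '{"ts": "2024-10-01T09:06:00Z", "user": "analyst2", "method": "GET", "path": "/api/v2/templates/", "body": ""}',
    "not json",
]

if __name__ == "__main__":
    for finding in audit_template_writes(SAMPLE_LOG):
        print(finding)
```

A hit is a prompt to review that template and the account that submitted it, not proof of exploitation; the pattern is a heuristic and can miss obfuscated expressions.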
Exploiting this vulnerability can lead to severe consequences. Attackers may gain unauthorized access to sensitive data hosted on the server. Malicious commands could be executed, causing service disruptions or unauthorized server modifications. Ultimately, this weakness could result in full server compromise and data exfiltration. There is also potential for the introduction of further vulnerabilities through manipulated updates or configurations.