CVE-2023-44382: October CMS safe mode bypass using Twig sandbox escape
First published: Wed Nov 29 2023(Updated: )
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/october/system | >=3.0.0<3.4.15 | 3.4.15 |
| Octobercms October | >=3.0.0<3.4.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the impact of CVE-2023-44382?
An authenticated backend user with certain permissions can execute PHP code.
How can an attacker exploit CVE-2023-44382?
By writing specific Twig code to escape the Twig sandbox.
Which version of October CMS is affected by CVE-2023-44382?
Version 3.0.0 up to and including 3.4.15 of October CMS is affected.
How can I remediate CVE-2023-44382?
Upgrade to version 3.4.15 of October CMS.
Where can I find more information about CVE-2023-44382?
You can find more information at the following references: [GitHub Advisory](https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx) [GitHub advisory](https://github.com/advisories/GHSA-p8q3-h652-65vx)
- collector/mitre-cve
- collector/github-advisory-latest
- alias/GHSA-p8q3-h652-65vx
- alias/CVE-2023-44382
- collector/nvd-api
- collector/nvd-cve
- collector/github-advisory
- package-manager/composer
- vendor/octobercms
- canonical/octobercms october
- version/octobercms october/3.0.0