
CVE-2020-1961: Injection in Apache Syncope

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.91079%
Published: 6/16/2021
Updated: 2/1/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name                        Ecosystem   Vulnerable Versions   First Patched Version
org.apache.syncope:syncope-core     maven       >= 2.0.0, < 2.0.15    2.0.15
org.apache.syncope:syncope-core     maven       >= 2.1.0, < 2.1.6     2.1.6

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability centers on JEXL injection in mail templates. Key indicators:

  1. The advisory explicitly calls out JEXL expression evaluation as the attack vector
  2. Syncope's architecture uses JEXL for template processing across multiple components
  3. Previous similar CVEs (CVE-2014-0111) involved JEXL evaluation in provisioning logic
  4. Mail template processing would require a rendering function combining user input with JEXL evaluation

While exact patch details are unavailable, the MailUtils.render function is the most probable candidate based on Syncope's architecture and its history of JEXL-related vulnerabilities. FlowableRuntimeUtils is included as a secondary candidate because it shares the same expression-evaluation pattern, though with lower confidence.


WAF Protection Rules

WAF Rule

Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was di
