rspec/rules/S5496/impact.adoc

=== What is the potential impact?

An attacker exploiting a server-side template injection vulnerability will be
able to execute arbitrary commands on the underlying operating system.

The impact depends on the access control measures taken on the target system
OS. In the worst-case scenario, the process runs with root privileges, and
therefore any OS commands or programs may be affected.

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the vulnerability.

==== Denial of service and data leaks

In this scenario, the attack aims to disrupt the organization's activities and
profit from data leaks.

An attacker could, for example:

* download the internal server's data, most likely to sell it
* modify data, send malware
* stop services or exhaust resources (with fork bombs for example)

This threat is particularly insidious if the attacked organization does not
maintain a disaster recovery plan (DRP).

==== Root privilege escalation and pivot

In this scenario, the attacker can do everything described in the previous
section. The difference is that the attacker also manages to elevate their
privileges to an administrative level and attacks other servers.

Here, the impact depends on how much the target company focuses on its Defense
In Depth. For example, the entire infrastructure can be compromised by a
combination of OS injections and *misconfiguration* of:

* Docker or Kubernetes clusters
* cloud services
* network firewalls and routing
* OS access control
Create rule S5496: Server-side templates should not be vulnerable to injection attacks (#3861) * Add java to rule S5496 * Add S5496 for Java * Adjustments based on review * Fix to make asciidoc tests pass --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> 2024-04-18 15:26:08 +02:00			`=== What is the potential impact?`

			`An attacker exploiting a server-side template injection vulnerability will be`
			`able to execute arbitrary commands on the underlying operating system.`

			`The impact depends on the access control measures taken on the target system`
			`OS. In the worst-case scenario, the process runs with root privileges, and`
			`therefore any OS commands or programs may be affected.`

			`Below are some real-world scenarios that illustrate some impacts of an attacker`
			`exploiting the vulnerability.`

			`==== Denial of service and data leaks`

			`In this scenario, the attack aims to disrupt the organization's activities and`
			`profit from data leaks.`

			`An attacker could, for example:`

			`* download the internal server's data, most likely to sell it`
			`* modify data, send malware`
			`* stop services or exhaust resources (with fork bombs for example)`

			`This threat is particularly insidious if the attacked organization does not`
			`maintain a disaster recovery plan (DRP).`

			`==== Root privilege escalation and pivot`

			`In this scenario, the attacker can do everything described in the previous`
			`section. The difference is that the attacker also manages to elevate their`
			`privileges to an administrative level and attacks other servers.`

			`Here, the impact depends on how much the target company focuses on its Defense`
			`In Depth. For example, the entire infrastructure can be compromised by a`
			`combination of OS injections and misconfiguration of:`

			`* Docker or Kubernetes clusters`
			`* cloud services`
			`* network firewalls and routing`
			`* OS access control`