nuclei-templates/cves/2020/CVE-2020-26214.yaml

id: CVE-2020-26214
info:

  name: Alerta Authentication Bypass
  author: CasperGN
  severity: critical
  description: |
    Alerta prior to version 8.1.0 is prone to Authentication Bypass when using LDAP as authorization provider and the LDAP server accepts Unauthenticated Bind requests.
  reference:
    - https://github.com/advisories/GHSA-5hmm-x8q8-w5jh
    - https://tools.ietf.org/html/rfc4513#section-5.1.2
    - https://pypi.org/project/alerta-server/8.1.0/
  tags: cve,cve2020,alerta
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2020-26214
    cwe-id: CWE-287

requests:
  - method: GET
    path:
      - '{{BaseURL}}/api/config'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - 'name":\s*"Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
        condition: or
      - type: regex
        regex:
          - 'provider":\s*"ldap"'
        condition: or
    extractors:
      - type: regex
        part: body
        name: alerta-version
        group: 1
        regex:
          - 'name":\s*"Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
misc changes 2021-01-02 04:56:15 +00:00			`id: CVE-2020-26214`
Add cve-2020-26214 detection Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 10:47:02 +00:00			`info:`

No need for name to write the CVE in it 2021-03-16 14:13:04 +00:00			`name: Alerta Authentication Bypass`
Add cve-2020-26214 detection Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 10:47:02 +00:00			`author: CasperGN`
			`severity: critical`
Spelling 2021-03-16 14:12:25 +00:00			`description: \|`
			`Alerta prior to version 8.1.0 is prone to Authentication Bypass when using LDAP as authorization provider and the LDAP server accepts Unauthenticated Bind requests.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Add references 2021-03-11 10:26:36 +00:00			`- https://github.com/advisories/GHSA-5hmm-x8q8-w5jh`
			`- https://tools.ietf.org/html/rfc4513#section-5.1.2`
			`- https://pypi.org/project/alerta-server/8.1.0/`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2020,alerta`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.80`
			`cve-id: CVE-2020-26214`
			`cwe-id: CWE-287`
Add cve-2020-26214 detection Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 10:47:02 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/api/config'`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: regex`
			`regex:`
Smarter Regex 2021-03-15 17:03:53 +00:00			`- 'name":\s*"Alerta ([0-7]\.[0-9]\.[0-9]\|8\.0.[0-9])"'`
Add cve-2020-26214 detection Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 10:47:02 +00:00			`condition: or`
Search for "provider":"ldap" to complete the match on the cve Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 11:37:29 +00:00			`- type: regex`
			`regex:`
Smarter Regex 2021-03-15 17:03:53 +00:00			`- 'provider":\s*"ldap"'`
Search for "provider":"ldap" to complete the match on the cve Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 11:37:29 +00:00			`condition: or`
Add cve-2020-26214 detection Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 10:47:02 +00:00			`extractors:`
			`- type: regex`
			`part: body`
			`name: alerta-version`
			`group: 1`
			`regex:`
Smarter Regex 2021-03-15 17:03:53 +00:00			`- 'name":\s*"Alerta ([0-7]\.[0-9]\.[0-9]\|8\.0.[0-9])"'`