58 lines
1.6 KiB
YAML
58 lines
1.6 KiB
YAML
|
id: CVE-2024-32651
|
||
|
|
||
|
info:
|
||
|
name: Change Detection - Server Side Template Injection
|
||
|
author: edoardottt
|
||
|
severity: critical
|
||
|
description: |
|
||
|
A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.
|
||
|
reference:
|
||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-32651
|
||
|
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
|
||
|
- https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21
|
||
|
- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2
|
||
|
classification:
|
||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||
|
cvss-score: 10
|
||
|
cve-id: CVE-2024-32651
|
||
|
cwe-id: CWE-1336
|
||
|
epss-score: 0.00065
|
||
|
epss-percentile: 0.28259
|
||
|
metadata:
|
||
|
verified: true
|
||
|
max-request: 1
|
||
|
shodan-query: html:"Change Detection"
|
||
|
tags: cve,cve2024,changedetection,ssti,rce,passive
|
||
|
|
||
|
http:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- "{{RootURL}}/"
|
||
|
|
||
|
redirects: true
|
||
|
max-redirects: 2
|
||
|
|
||
|
extractors:
|
||
|
- type: xpath
|
||
|
name: version
|
||
|
internal: true
|
||
|
xpath:
|
||
|
- "//*[@id=\"right-sticky\"]"
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: status
|
||
|
status:
|
||
|
- 200
|
||
|
|
||
|
- type: word
|
||
|
part: body
|
||
|
words:
|
||
|
- "Change Detection"
|
||
|
condition: and
|
||
|
|
||
|
- type: dsl
|
||
|
dsl:
|
||
|
- compare_versions(version, '<= 0.45.20')
|
||
|
# digest: 4b0a00483046022100fababded42d7a17ed446608da54c1802c86f5ad0eff6a4f9f9c6299a3d4e0f9e022100843a8f54563f6dd62aa6d9d160e9ad7f886f39d623887bca9819f2e2fbb93ce4:922c64590222798bb761d5b6d8e72950
|