nuclei-templates/http/vulnerabilities/other/jfrog-unauth-build-exposed....

42 lines
1.1 KiB
YAML
Raw Normal View History

2021-07-02 02:53:42 +00:00
id: jfrog-unauth-build-exposed
info:
name: JFrog Unauthentication Builds
author: dhiyaneshDK
severity: medium
2024-01-02 15:45:12 +00:00
description: JFrog Builds are exposed to Unauthenticated users.
reference:
- https://github.com/jaeles-project/jaeles-signatures/blob/master/common/jfrog-unauth-build-exposed.yaml
metadata:
max-request: 1
2023-10-14 11:27:55 +00:00
tags: jfrog
2021-07-02 02:53:42 +00:00
http:
2021-07-02 02:53:42 +00:00
- raw:
- |
POST /ui/api/v1/global-search/builds?jfLoader=true HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
2021-07-02 02:55:40 +00:00
2021-07-02 02:53:42 +00:00
{"name":"","before":"","after":"","direction":"desc","order_by":"date","num_of_rows":100}
2021-07-03 19:52:08 +00:00
2021-07-03 19:56:41 +00:00
matchers-condition: and
2021-07-02 02:53:42 +00:00
matchers:
- type: word
words:
- "last_build_number"
- "build_name"
condition: and
part: body
- type: word
words:
- application/json
part: header
- type: status
status:
- 200
# digest: 490a004630440220120a9b1e787131db8639e21370b2f7036c395109ef9ac8e456815476d4df0fe002207b73204df242023f76621911633e439c951bcecdc7ba31a57738f30bf665edc0:922c64590222798bb761d5b6d8e72950