nuclei-templates/cves/2020/CVE-2020-26214.yaml

id: CVE-2020-26214
info:

  name: Alerta Authentication Bypass (CVE-2020-26214)
  author: CasperGN
  severity: critical
  description: Alerta prior to version 8.1.0 is prone to Authentication Bypass when using LDAP as authorization provider and the LDAP server accepts Unauthenticated Bind reqests.
  reference:
    - https://github.com/advisories/GHSA-5hmm-x8q8-w5jh
    - https://tools.ietf.org/html/rfc4513#section-5.1.2
    - https://pypi.org/project/alerta-server/8.1.0/
  tags: cve,cve2020,alerta

requests:
  - method: GET
    path:
      - '{{BaseURL}}/api/config'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - 'name":"Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
          - 'name": "Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
        condition: or
      - type: regex
        regex:
          - 'provider":"ldap"'
          - 'provider": "ldap"'
        condition: or
    extractors:
      - type: regex
        part: body
        name: alerta-version
        group: 1
        regex:
          - 'name":"Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
          - 'name": "Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
misc changes 2021-01-02 04:56:15 +00:00			`id: CVE-2020-26214`
Add cve-2020-26214 detection Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 10:47:02 +00:00			`info:`

			`name: Alerta Authentication Bypass (CVE-2020-26214)`
			`author: CasperGN`
			`severity: critical`
			`description: Alerta prior to version 8.1.0 is prone to Authentication Bypass when using LDAP as authorization provider and the LDAP server accepts Unauthenticated Bind reqests.`
removing empty spaces 2021-03-11 13:02:26 +00:00			`reference:`
Add references 2021-03-11 10:26:36 +00:00			`- https://github.com/advisories/GHSA-5hmm-x8q8-w5jh`
			`- https://tools.ietf.org/html/rfc4513#section-5.1.2`
			`- https://pypi.org/project/alerta-server/8.1.0/`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2020,alerta`
Add cve-2020-26214 detection Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 10:47:02 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/api/config'`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: regex`
			`regex:`
			`- 'name":"Alerta ([0-7]\.[0-9]\.[0-9]\|8\.0.[0-9])"'`
			`- 'name": "Alerta ([0-7]\.[0-9]\.[0-9]\|8\.0.[0-9])"'`
			`condition: or`
Search for "provider":"ldap" to complete the match on the cve Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 11:37:29 +00:00			`- type: regex`
			`regex:`
			`- 'provider":"ldap"'`
			`- 'provider": "ldap"'`
			`condition: or`
Add cve-2020-26214 detection Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-11-07 10:47:02 +00:00			`extractors:`
			`- type: regex`
			`part: body`
			`name: alerta-version`
			`group: 1`
			`regex:`
			`- 'name":"Alerta ([0-7]\.[0-9]\.[0-9]\|8\.0.[0-9])"'`
			`- 'name": "Alerta ([0-7]\.[0-9]\.[0-9]\|8\.0.[0-9])"'`