nuclei-templates/passive/cves/2024/CVE-2024-32651.yaml

58 lines
1.6 KiB
YAML
Raw Normal View History

2024-04-29 14:36:08 +00:00
id: CVE-2024-32651
info:
2024-05-03 05:41:13 +00:00
name: Change Detection - Server Side Template Injection
2024-04-29 14:36:08 +00:00
author: edoardottt
severity: critical
description: |
2024-04-29 14:41:50 +00:00
A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.
2024-04-29 14:36:08 +00:00
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-32651
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
2024-05-03 05:41:13 +00:00
- https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21
- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2
2024-04-29 14:36:08 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2024-32651
cwe-id: CWE-1336
epss-score: 0.00065
epss-percentile: 0.28259
2024-05-03 05:41:13 +00:00
metadata:
verified: true
max-request: 1
shodan-query: html:"Change Detection"
2024-05-07 12:55:10 +00:00
tags: cve,cve2024,changedetection,ssti,rce,passive
2024-04-29 14:36:08 +00:00
2024-05-03 05:41:13 +00:00
http:
2024-04-29 14:36:08 +00:00
- method: GET
path:
2024-05-03 08:50:53 +00:00
- "{{RootURL}}/"
2024-04-29 14:36:08 +00:00
2024-05-03 05:41:13 +00:00
redirects: true
max-redirects: 2
2024-04-29 14:36:08 +00:00
extractors:
- type: xpath
name: version
internal: true
xpath:
- "//*[@id=\"right-sticky\"]"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "Change Detection"
condition: and
- type: dsl
dsl:
2024-04-29 14:41:50 +00:00
- compare_versions(version, '<= 0.45.20')
# digest: 4b0a00483046022100fababded42d7a17ed446608da54c1802c86f5ad0eff6a4f9f9c6299a3d4e0f9e022100843a8f54563f6dd62aa6d9d160e9ad7f886f39d623887bca9819f2e2fbb93ce4:922c64590222798bb761d5b6d8e72950