Dashboard Template Enhancements (#3752)

* Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Enhancement: cves/2010/CVE-2010-1957.yaml by mp * Enhancement: cves/2010/CVE-2010-1977.yaml by mp * Enhancement: cves/2010/CVE-2010-1979.yaml by mp * Enhancement: cves/2010/CVE-2010-1980.yaml by mp * Enhancement: cves/2010/CVE-2010-1981.yaml by mp * Enhancement: cves/2010/CVE-2010-1982.yaml by mp * Enhancement: cves/2010/CVE-2010-1983.yaml by mp * Enhancement: cves/2010/CVE-2010-2033.yaml by mp * Enhancement: cves/2010/CVE-2010-2034.yaml by mp * Enhancement: cves/2010/CVE-2010-2035.yaml by mp * Enhancement: cves/2010/CVE-2010-2036.yaml by mp * Enhancement: cves/2010/CVE-2010-2037.yaml by mp * Enhancement: cves/2010/CVE-2010-2045.yaml by mp * Enhancement: cves/2010/CVE-2010-2050.yaml by mp * Enhancement: cves/2010/CVE-2010-2122.yaml by mp * Enhancement: cves/2010/CVE-2010-1980.yaml by mp * Enhancement: cves/2010/CVE-2010-1981.yaml by mp * Enhancement: cves/2010/CVE-2010-1982.yaml by mp * Enhancement: cves/2010/CVE-2010-2035.yaml by mp * Enhancement: cves/2010/CVE-2010-2128.yaml by mp * Enhancement: cves/2010/CVE-2010-2259.yaml by mp * Enhancement: cves/2010/CVE-2010-2307.yaml by mp * Enhancement: cves/2010/CVE-2010-2507.yaml by mp * Enhancement: cves/2010/CVE-2010-2680.yaml by mp * Enhancement: cves/2010/CVE-2010-2682.yaml by mp * Enhancement: cves/2010/CVE-2010-2857.yaml by mp * Enhancement: cves/2010/CVE-2010-2861.yaml by mp * Enhancement: cves/2010/CVE-2010-2918.yaml by mp * Enhancement: cves/2010/CVE-2010-2920.yaml by mp * Enhancement: cves/2010/CVE-2010-3203.yaml by mp * Enhancement: cves/2010/CVE-2010-3426.yaml by mp * Enhancement: cves/2010/CVE-2010-4617.yaml by mp * Enhancement: cves/2010/CVE-2010-4231.yaml by mp * Enhancement: cves/2010/CVE-2010-4282.yaml by mp * Enhancement: cves/2010/CVE-2010-4282.yaml by mp * Enhancement: cves/2010/CVE-2010-4617.yaml by mp * Enhancement: cves/2010/CVE-2010-4719.yaml by mp * Enhancement: cves/2010/CVE-2010-4769.yaml by mp * Enhancement: cves/2010/CVE-2010-4977.yaml by mp * Enhancement: cves/2010/CVE-2010-5028.yaml by mp * Enhancement: cves/2010/CVE-2010-5278.yaml by mp * Enhancement: cves/2010/CVE-2010-5286.yaml by mp * Enhancement: cves/2011/CVE-2011-0049.yaml by mp * Enhancement: cves/2011/CVE-2011-1669.yaml by mp * Enhancement: cves/2011/CVE-2011-2744.yaml by mp * Enhancement: cves/2000/CVE-2000-0114.yaml by mp * Enhancement: cves/2011/CVE-2011-3315.yaml by mp * Enhancement: cves/2011/CVE-2011-4336.yaml by mp * Enhancement: cves/2011/CVE-2011-4618.yaml by mp * Enhancement: cves/2011/CVE-2011-4624.yaml by mp * Enhancement: cves/2011/CVE-2011-4804.yaml by mp * Enhancement: cves/2011/CVE-2011-0049.yaml by mp * Enhancement: cves/2011/CVE-2011-2780.yaml by mp * Enhancement: cves/2011/CVE-2011-2780.yaml by mp * Enhancement: cves/2012/CVE-2012-1823.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp * Enhancement: cves/2012/CVE-2012-1226.yaml by mp * Enhancement: cves/2012/CVE-2012-0996.yaml by mp * Enhancement: cves/2021/CVE-2021-39226.yaml by cs * Enhancement: cves/2021/CVE-2021-27358.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2012/CVE-2012-1835.yaml by mp * Enhancement: cves/2012/CVE-2012-0901.yaml by mp * Enhancement: cves/2011/CVE-2011-5265.yaml by mp * Enhancement: cves/2011/CVE-2011-5181.yaml by mp * Enhancement: cves/2011/CVE-2011-5179.yaml by mp * Enhancement: cves/2011/CVE-2011-5107.yaml by mp * Enhancement: cves/2011/CVE-2011-5106.yaml by mp * Enhancement: cves/2011/CVE-2011-4926.yaml by mp * Enhancement: cves/2012/CVE-2012-0991.yaml by mp * Enhancement: cves/2012/CVE-2012-0981.yaml by mp * Enhancement: cves/2012/CVE-2012-0896.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp Fix "too few spaces before comment" lint errors * Enhancement: cves/2011/CVE-2011-5106.yaml by mp * Enhancement: cves/2011/CVE-2011-4926.yaml by mp * Enhancement: cves/2013/CVE-2013-2287.yaml by mp * Enhancement: cves/2012/CVE-2012-5913.yaml by mp * Enhancement: cves/2012/CVE-2012-4889.yaml by mp * Enhancement: cves/2012/CVE-2012-4768.yaml by mp * Enhancement: cves/2012/CVE-2012-4547.yaml by mp * Enhancement: cves/2012/CVE-2012-4273.yaml by mp * Enhancement: cves/2012/CVE-2012-4242.yaml by mp * Enhancement: cves/2012/CVE-2012-2371.yaml by mp * Enhancement: cves/2013/CVE-2013-2248.yaml by mp * Enhancement: cves/2012/CVE-2012-4940.yaml by mp * Enhancement: cves/2012/CVE-2012-4878.yaml by mp * Enhancement: cves/2012/CVE-2012-4253.yaml by mp * Enhancement: cves/2012/CVE-2012-4253.yaml by mp Trailing space * Enhancement: cves/2013/CVE-2013-2251.yaml by mp * Enhancement: cves/2013/CVE-2013-1965.yaml by mp * Enhancement: cves/2012/CVE-2012-3153.yaml by mp * Enhancement: cves/2012/CVE-2012-5913.yaml by mp * Enhancement: cves/2012/CVE-2012-4242.yaml by mp * Merge conflict * Fix references syntax * Fix syntax. Again. * Update CVE-2011-4926.yaml * Enhancement: cves/2021/CVE-2021-28073.yaml by cs * Enhancement: cves/2021/CVE-2021-39226.yaml by cs * Enhancement: cves/2021/CVE-2021-20167.yaml by cs * Enhancement: cves/2021/CVE-2021-40438.yaml by cs * Enhancement: cves/2021/CVE-2021-40438.yaml by cs Co-authored-by: sullo <sullo@cirt.net>
2022-02-23 03:00:19 -05:00 · 2022-02-23 03:00:19 -05:00 · 3e13f1cce6
parent fade3db21a
commit 3e13f1cce6
4 changed files with 19 additions and 7 deletions
--- a/cves/2021/CVE-2021-20167.yaml
+++ b/cves/2021/CVE-2021-20167.yaml
@ -4,7 +4,8 @@ info:
  name: Netgear RAX43 - Unauthenticated Command Injection / Authentication Bypass Buffer Overrun via LAN Interface
  author: gy741
  severity: critical
-  description: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167. Netgear RAX43 version 1.0.3.96 contains a command injection and authbypass vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. and The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.
+  description: "Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloud_control.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the application. Note: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167."
+  remediation: Upgrade to newer release of the RAX43 firmware.
  reference:
    - https://www.tenable.com/security/research/tra-2021-55
    - https://nvd.nist.gov/vuln/detail/CVE-2021-20166
@ -30,3 +31,5 @@ requests:
        part: interactsh_protocol
        words:
          - "http"
+
+# Enhanced by cs on 2022/02/22
--- a/cves/2021/CVE-2021-28073.yaml
+++ b/cves/2021/CVE-2021-28073.yaml
@ -4,11 +4,15 @@ info:
  name: Ntopng Authentication Bypass
  author: z3bd
  severity: critical
-  description: Ntopng is a passive network monitoring tool focused on flows and statistics that can be obtained from the traffic captured by the server. There is a authentication bypass vulnerability in ntopng <= 4.2
+  description: Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng <= 4.2
+  remediation: Upgrade to version 4.3 or later.
  tags: ntopng,cve,cve2021
  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-27573
    - http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
    - https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md
+  classification:
+    cve-id: CVE-2021-28073

 requests:
  - method: GET
@ -34,3 +38,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by cs on 2022/02/22
--- a/cves/2021/CVE-2021-39226.yaml
+++ b/cves/2021/CVE-2021-39226.yaml
@ -3,7 +3,7 @@ id: CVE-2021-39226
 info:
  name: Grafana Snapshot Authentication Bypass
  author: Evan Rubinstein
-  description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of wether or not the snapshot is set to public mode (disabled by default).
+  description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).
  remediation: "This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects."
  reference:
    - https://github.com/advisories/GHSA-69j6-29vr-p3j9
@ -31,4 +31,4 @@ requests:
        words:
          - '"isSnapshot":true'

-# Enhanced by cs on 2022/02/18
+# Enhanced by cs on 2022/02/22
--- a/cves/2021/CVE-2021-40438.yaml
+++ b/cves/2021/CVE-2021-40438.yaml
@ -1,10 +1,11 @@
 id: CVE-2021-40438

 info:
-  name: Apache <= 2.4.48 - Mod_Proxy SSRF
+  name: Apache <= 2.4.48 Mod_Proxy SSRF
  author: pdteam
  severity: critical
-  description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
+  description: Apache 2.4.8 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.
+  remediation: Upgrade to Apache version 2.4.49 or newer.
  reference:
    - https://firzen.de/building-a-poc-for-cve-2021-40438
    - https://httpd.apache.org/security/vulnerabilities_24.html
@ -26,4 +27,6 @@ requests:
    matchers:
      - type: word
        words:
-          - "Interactsh Server"
+          - "Interactsh Server"
+
+# Enhanced by cs on 2022/02/22